GRC Consultant

About The Position

Requirements

• CMMC CCP or CCA is a requirement for this role.
• Strong problem-solving and analytical skills.
• Excellent customer service skills, including understanding how to de-escalate, how to soothe and how to deliver the most efficient solution.
• Strong communication skills, both verbal and written.
• Familiarity with regulatory frameworks such as NIST/CMMC, ISO 27001, HIPAA/Hitech, GDPR are a big plus.
• Strong organizational, operational, and inter-personal skills
• Strong familiarity with Windows desktop and server operating systems.
• Strong familiarity with Microsoft Office 365 and Azure Active Directory support and implementation.
• Strong understanding of networking concepts, familiarity with routers, firewalls, access points, IDS/IPS and VPN.
• Familiarity with Email threat protection tools and concepts.
• Familiarity with RMM and asset management tools are a big plus.
• Understanding of tools and processes used in security monitoring and incident response
• Experience with Endpoint Detection & Response (EDR) tools
• Ability to understand vulnerabilities at a technical level and capable of recommending and effectively communicating mitigation strategy
• Ability to communicate and write in English professionally
• Reliable personal transportation for use in traveling to clients' offices is essential.
• 3-5 years of experience working in an Information Security and/or Compliance capacity
• Customer service and client facing experience preferred.

Nice To Haves

• Familiarity with regulatory frameworks such as NIST/CMMC, ISO 27001, HIPAA/Hitech, GDPR are a big plus.
• Familiarity with RMM and asset management tools are a big plus.
• CMMC RPA will be considered preferentially.
• Customer service and client facing experience preferred.

Responsibilities

• Interface with client points of contact as required for onboarding/post sales activity and/or recurring check ins and inquiries.
• Continuously monitor and triage requests flowing through an inbound ticket queue.
• Participate in the design and execution of risk assessments and security audits.
• Participate in the management of employee awareness campaigns for both staff and clients, including phishing simulations and awareness training.
• Perform CMMC Readiness against 110 controls, delivering a comprehensive SSP and POAM with assisted attestation and SPRS reporting.
• Manage client projects from start to finish, defining milestones and deliverables and meeting determined deadlines.
• Maintain up-to-date detailed knowledge of the IT security industry including awareness of new or revised security solutions, regulatory requirements, improved security processes, and the development of new attacks and threat vectors.
• Document best practices and user guides using available collaboration tools and workspaces.
• Develop and maintain both internal and client-facing documentation, policy libraries and delivery metrics for end-to-end client security and compliance.
• Provide timely, detailed, and complete reports on vulnerabilities, security events and incidents in a client facing setting.
• Triage internal security and permissions requests from staff, including but not limited to systems access and employee terminations.
• Oversee upkeep of internal SOP, ensuring adjustments to protocol are made as tools and methods evolve.
• Perform QA workflow as necessary to improve upon consistency of product and client experience.
• Coordinate resources and/or route audit requests appropriately for high volume or regulated client points of contact.
• Ability to manage a changing and evolving workload and function as decision-maker where needed.
• Provide after-business hours support if requested and as applicable to geographically distributed client base.
• Perform other duties and tasks as assigned.