GRC Consultant

About The Position

Requirements

• Strong understanding of regulatory and security frameworks (HIPAA, CMMC, NIST CSF, NIST 800‑53, ISO 27001, SOC 2, etc.).
• Hands‑on experience with risk assessments, control testing, audits, and policy development.
• Excellent written and verbal communication skills.
• Ability to collaborate across technical and non‑technical teams.
• Strong analytical skills and attention to detail.

Nice To Haves

• Bachelor’s degree in Cybersecurity, Information Systems, or related field, or equivalent experience.
• Professional certifications such as CISSP, CISM, CISA, CRISC, or equivalent.
• Experience with GRC platforms (StandardFusion, Apptega, Vanta, etc.).
• 3+ years of relevant cybersecurity and GRC experience, gained through direct industry work, consulting or client‑facing advisory services.
• Strong problem‑solving and critical‑thinking abilities.
• Ability to manage multiple engagements and deadlines.
• Collaborative, customer‑centric mindset.
• High integrity and commitment to confidentiality.

Responsibilities

• Client Engagement & Reporting
• Generate, analyze, and present cybersecurity service reports and dashboards to demonstrate program efficacy and maturity progress.
• Translate technical risks and data into business‑relevant insights for stakeholders.
• Conduct research and provide guidance on emerging threats, regulatory changes, and new technologies.
• Collaborate with internal resources to review vulnerability scans, penetration test results, and risk assessments.
• Governance & Policy
• Assist clients in developing, reviewing, and maintaining cybersecurity policies, standards, and procedures.
• Support creation and continuous improvement of security governance frameworks aligned to business objectives.
• Risk Management
• Conduct cybersecurity risk assessments, control gap analyses, and maturity assessments.
• Identify and evaluate risks, recommend remediation strategies, and track mitigation progress.
• Support maintenance of risk registers and provide leadership reporting.
• Compliance & Audit
• Ensure client alignment with regulatory and industry frameworks (NIST, ISO 27001, SOC 2, HIPAA, GDPR, PCI‑DSS, etc.).
• Assist with audit readiness, evidence collection, compliance roadmaps, and remediation activities.
• Third‑Party Risk Management
• Perform vendor security assessments and oversee third‑party risk processes.
• Security Program Development
• Support design, enhancement, and continuous improvement of client security programs.
• Assist with building control frameworks and aligning them with best practices.
• Provide guidance on cybersecurity strategy, roadmaps, and program governance.
• Incident Preparedness
• Assist clients with incident response planning, tabletop exercises, and business continuity initiatives.
• Recommend improvements to detection, response, and recovery capabilities.
• Internal Collaboration & Continuous Improvement
• Work with Ascend Cybersecurity Leadership to identify improvement opportunities through data analytics and trend analysis.
• Serve as a resource to Solutions Architects regarding cybersecurity professional services and data offerings.
• Facilitate knowledge sharing and adaptability as client priorities evolve.
• Support efficient operations within a leveraged cybersecurity services model.
• Perform additional responsibilities as assigned.

Benefits

• Along with a competitive salary, we offer a comprehensive benefits package, including health, dental, and vision insurance, retirement savings options, flexible time off (FTO), and professional development opportunities.
• We are open to discussing compensation and benefits further during the interview process to ensure alignment with the candidate’s expectations and experience.