Senior Associate Consultant - Regulatory Compliance

AHEAD

11d•$95,000 - $120,000

About The Position

AHEAD builds platforms for digital business. By weaving together advances in cloud infrastructure, automation and analytics, and software delivery, we help enterprises deliver on the promise of digital transformation. At AHEAD, we prioritize creating a culture of belonging, where all perspectives and voices are represented, valued, respected, and heard. We create spaces to empower everyone to speak up, make change, and drive the culture at AHEAD. We are an equal opportunity employer, and do not discriminate based on an individual's race, national origin, color, gender, gender identity, gender expression, sexual orientation, religion, age, disability, marital status, or any other protected characteristic under applicable law, whether actual or perceived. We embrace all candidates that will contribute to the diversification and enrichment of ideas and perspectives at AHEAD. We are seeking a Consultant specializing in Security Governance, Risk, and Compliance (GRC) with a strong focus on security compliance assessments, particularly against NIST frameworks. This role requires a combination of security and consulting subject matter expertise, and client-facing communication skills to deliver high-quality solutions tailored to each clientâs unique security and compliance needs. The ideal candidate will be proactive, detail-oriented, and capable of independently driving workstreams while contributing to the broader success of client engagements. This is a challenging yet rewarding role that provides an opportunity to work with diverse set of clients across multiple industries.

Requirements

Undergraduate technical degree in Engineering, Computer Science, IT Management, Cybersecurity, or related field preferred, but not required.
Minimum of 4-6 yearsâ professional, relevant experience, with at least 2 years in a client facing role.
1â2 professional and/or technical certifications in IT security, cloud security, or application security (e.g., CompTIA Security+, ISC^2 CC, etc.)
Solid understanding of common compliance frameworks (e.g., NIST, ISO, CMMC, etc.) and their application in enterprise environments.
Strong technical knowledge of what good evidence looks like for assessments beyond policy and procedure language. A technical assessment will be performed during the interview process to confirm this critical skill.
Knowledge of cybersecurity technologies (e.g., SIEM, vulnerability management, endpoint security) and their integration with compliance mandates.
Hands-on experience with tools and platforms supporting GRC workflows (e.g., Archer, ServiceNow GRC, or similar).
Excellent verbal and written communication skills (high proficiency in Microsoft Office Suite required).
Comfortable addressing and presenting to groups in virtual or in-person settings.
Strong problem-solving abilities, capable of addressing complex and abstract challenges.
Exceptional interpersonal skills, with the ability to connect and collaborate with diverse personalities and stakeholders.

Responsibilities

Apply compliance frameworks (e.g., NIST, ISO, etc.) to assess, design, and implement security controls for enterprise environments.
Conduct compliance gap assessments, develop remediation plans, and guide clients through audit readiness processes.
Create and maintain key documentation such as risk assessments, controls mapping, compliance roadmaps, and policies tailored to client needs.
Ensure alignment with regulatory requirements and standards, such as NIST, CMMC, ISO 27001, or SOC 2, based on the engagement scope.
Stay informed of evolving compliance frameworks, regulatory changes, and security best practices to provide clients with up-to-date and actionable recommendations.
Support clients in developing and maturing their GRC programs, with an emphasis on measurable security improvement and compliance sustainability.
Manage and run defined workstreams with minimal oversight, ensuring continuity and success across client engagements.
Maintain workstream RAID documentation (Risks, Assumptions, Issues, Dependencies) and proactively mitigate risks to keep projects on track.
Communicate project status, risks, and decisions clearly and effectively to clients, ensuring transparency and alignment.
Produce client-ready drafts of deliverables with minimal rework, adhering to professional quality standards.
Leverage QA checklists and processes to identify issues early and ensure consistency across deliverables.
Analyze tradeoffs, present options, and provide well-reasoned recommendations, escalating challenges along with proposed solutions when necessary.
Independently sustain progress on client engagements during critical periods, maintaining momentum for up to 5â10 business days if required.
Contribute to client knowledge transfer and training efforts, ensuring operational teams are equipped to maintain compliance post-engagement.