We are seeking an experienced Cybersecurity TechGRC Consultant with over 10 years of expertise in Governance, Risk, and Compliance (GRC) and Technology Risk Management. The ideal candidate will have a strong background in cybersecurity frameworks, risk assessments, control testing, cloud security, and policy development. You will collaborate with global Fortune 500 companies and industry-leading organizations to enhance their cybersecurity and risk management programs.
Day-to-Day Responsibilities
• Collaborate daily with client-facing teams to gain an understanding of project tasks and deliverables.
• Work closely with the Global Delivery Team Manager (GDTM) to execute project tasks and deliverables.
• Attend client meetings on behalf of CyberVigilance LLC, take notes, and highlight key project deliverables.
• Participate in internal team meetings to provide updates on client deliverables.
• Support additional initiatives assigned by the GDTM.
Key Responsibilities
• Lead and manage cybersecurity risk assessments and gap analysis projects, ensuring compliance with frameworks such as ISO 27001:2022, GLBA OCC, SOC2, NIST CSF, NIST SP 800-53, and CIS Controls V8.
• Conduct control testing and remediation for complex environments, identifying vulnerabilities, assessing risks, and implementing mitigation strategies.
• Manage compliance readiness projects (e.g., ISO 27001, SOC2, PCI-DSS, GLBA OCC), including the development of policies, procedures, and remediation plans.
• Perform cybersecurity due diligence for mergers and acquisitions by evaluating technical controls, governance processes, and risk exposure.
• Develop and update cybersecurity policies, standards, and procedures in line with industry best practices.
• Oversee risk exception processes and 3rd-party risk assessments, including stakeholder management, risk analysis, and remediation planning, using GRC tools like Archer.
• Collaborate with cross-functional teams (IT, OT, Risk, Legal) to provide strategic recommendations for improving cybersecurity posture and risk management.
Location: Remote
Job Type: Full-time/Contract
Work Timings: 5 PM to 2:00 AM India Standard Time
Qualifications
• Experience deploying security solutions that meet standards such as NIST, SOC2, ISO 27001, PCI-DSS, GDPR, FedRAMP, HIPAA, and cloud security frameworks like CSA CCM.
• Strong understanding of regulations, industry standards, and best practices in security, including platform, network, cloud, data security, and privacy.
• Proficiency in developing and reviewing information security policies, standards, and procedures, particularly for cloud security.
• Experience collecting security metrics, assessing cloud security risks, and developing management reports.
• Hands-on experience with GRC tools (e.g., Archer, OneTrust, Vanta) and CSPM tools (e.g., Wiz, Palo Alto Prisma).
• Experience in conducting internal security risk assessments, cloud security assessments, and documenting findings.
• Must be self-motivated, able to work in a fast-paced, agile environment, and collaborate effectively to meet business objectives.
• Experience with incident response, security breaches, and cloud security incident analysis.
Qualifications
• 10+ years of experience in Cybersecurity, GRC, or Technology Risk Management roles.
• Bachelor’s degree in Computer Science, Information Security, or a related field from an accredited institution is preferred.
• Relevant certifications such as CISSP, CISA, CISM, CRISC, or ISO 27001 Lead Implementer/Auditor are a plus.
• Strong verbal, written, and presentation skills with the ability to engage effectively at all levels of management.
Preferred Qualifications (Good to Have):
• Prior experience working with global consulting or service delivery firms such as Accenture, Deloitte, PwC, KPMG, EY, IBM, Wipro, TCS, Cognizant, HCL, Protiviti, or similar.
• Demonstrated career progression within the same organization (e.g., promotion from Analyst to Senior Analyst to Consultant within a 5–7 year window), indicating high performance, adaptability, and long-term client delivery success, especially in servicing Western or US-based clients.
• Strong communication skills and experience collaborating across cross-functional and cross-regional teams, preferably in client-facing roles.
• Familiarity with US-based enterprise environments, regulatory expectations, or delivery frameworks (e.g., NIST, SOX, ISO, PCI, FedRAMP, HIPAA) is a plus.