Security GRC Lead Consultant

10 years

0 Lacs

Posted: 1 month ago | Platform: LinkedIn

Work Mode: On-site

Job Type: Full Time

Job Description

Job Summary:

A seasoned Security GRC (Governance, Risk, and Compliance) Consultant and Security Lead with over 10 years of experience in implementing, managing, and optimizing cybersecurity governance frameworks.

Adept at bridging business and technology risk, ensuring regulatory compliance, and leading cross-functional teams to uphold enterprise security posture.

Proven ability to drive enterprise risk programs, security audits, and compliance initiatives in diverse industries including finance, healthcare, and technology.

Key Responsibilities:

Governance, Risk, and Compliance (GRC):

• Develop, implement, and manage enterprise-wide GRC strategies aligned with business and regulatory requirements (e.g., ISO 27001, NIST, SOC 2, HIPAA, GDPR, PCI-DSS).

• Lead security risk assessments, third-party vendor evaluations, and business impact analyses (BIA).

• Design and implement risk treatment plans, control testing programs, and continuous monitoring processes.

• Maintain and enhance GRC platforms such as Archer, ServiceNow GRC, or LogicGate.

Security Leadership & Strategy:

• Act as the primary liaison between business stakeholders, technical teams, and executive leadership on cybersecurity initiatives.

• Lead the development and execution of information security programs, policies, and procedures.

• Provide expert guidance on security architecture, incident response, and data protection strategies.

• Conduct security awareness training and culture-building across the organization.

Audit & Compliance:

• Prepare organizations for internal and external audits; respond to audit findings and ensure timely remediation.

• Manage and maintain documentation for control evidence, risk registers, and compliance reports.

• Engage with regulatory bodies and customers during compliance reviews and assessments.

Project Management & Team Leadership:

• Lead or participate in cross-functional projects including cloud security assessments, privacy impact assessments (PIAs), and IT risk projects.

• Mentor and lead junior security professionals; contribute to internal knowledge bases and best practices.

• Manage project timelines, stakeholder expectations, and deliverables in Agile and Waterfall environments.

Required Skills & Qualifications:

• Bachelor’s or Master’s degree in Cybersecurity, Information Systems, or related field.

Professional certifications:

• Strong knowledge of GRC frameworks (ISO, NIST CSF, COBIT), data protection laws (GDPR, CCPA), and industry standards.

• Experience with security tools and platforms like Archer, ServiceNow GRC, Splunk, Tenable, Qualys, etc.

• Excellent communication, stakeholder management, and technical writing skills.

• Ability to work independently and drive multiple initiatives in complex environments.

Preferred Experience:

• Hands-on experience in cloud security (AWS, Azure, GCP).

• Experience working in highly regulated industries (Finance, Healthcare, Pharma).

• Familiarity with DevSecOps, secure SDLC, or CI/CD pipeline security controls.
