Grc Security Consultant (Governance, Risk And Compliance) - Freelance [Remote]

ABOUT US:
Braintrust is a user-owned talent network that connects you with great jobs with no fees or membership costs—so you keep 100% of what you earn.
ABOUT THE HIRING PROCESS:
When you join Braintrust, you will be invited to a screening process for Braintrust to learn more about your previous work experiences. Once completed, you will have access to the employer for this role and other top companies that seek high-quality talent. Apply to this job to kick off the process.

• LOCATION: Remote - Canada only (TimeZone: EST | Partial overlap)
• JOB TYPE: Freelance, Contract Position (no agencies/C2C - see notes below)
• ESTIMATED DURATION: 40h/week - Long term
• HOURLY RANGE: Our client is looking to pay $115 – $125/hr

THE OPPORTUNITY
Start date: ASAP
This is a 6 month contract opportunity with the possibility of converting into an FTE.
A Security Consultant is a client-focused position that works with the company's clients to develop a comprehensive security program. Our client's GRC Security Consultants’ responsibilities include planning, implementing, and monitoring various security control frameworks. The GRC Security Consultant will be part of a select group of industry-recognized experts and work on unique security solutions associated with next generation technologies and emerging security threats. Ongoing training and professional certifications are part of the job requirements.
Skillsets

• General knowledge of network topologies, security architectures, security solutions, tools, and IT Policies and standards
• Knowledgeable of industry standards such as NIST 800-53, NIST CSF, NIST 1800-23, DFARS and CMMC, NYS DFS, NYS Shield Act, HIPAA, NYS DOH OHIP SSP, NERC CIP, GDPR, PCI-DSS, CIS CSC.
• General knowledge IT consulting, control implementation and optimizations, along with auditing security domains such as identity and access management, data encryption, application security, firewall auditing, vulnerability management and reporting, and asset management
• Demonstrated standards assessment experience
• Familiarity with vulnerability management programs, security architecture reviews, technical and physical security assessments
• Experience with interfacing and presenting to C-level executives
• Experience developing security analysis documentation and recommended remediation actions

Requirements

• Ability to prioritize effectively and handle shifting priorities professionally
• Proven collaborator
• Occasional travel as required by client engagement
• Successfully interface with clients (internal and external)
• Comfortable with public speaking in front of an audience
• Manage personal schedule, projects tasks, and team deliverables
• Provide weekly time accounting and monthly expense reports
• Exemplary written and verbal communication skills
• Takes ownership of the project, tasks, and client deliverable
• Assist the Sales team in presenting proposals and closing sales opportunities
• Create clearly stated remediation recommendations based on industry best practice
• Document and explain technical details in a concise, clear manner
• Participate in pre-sales calls and write consulting proposals and statements of work
• Produce and review reports to support project deliverables

Certifications

• CISM and CISA, desired.
• CISSP, required

Responsibilities

• Partner with technical teams, advising both on applicable control requirements and potential solutions to address them
• Drive remediation activities with stakeholders, including developing remediation plans, tracking, and reporting remediation progress
• Facilitate security compliance gap analysis workshops
• Identify control deficiencies and maintain records of deficiency details including management response documentation and exposure check evidence
• Develop and manage internal GRC initiatives
• Participate in security and compliance testing of client infrastructure
• Support evidence collection and documentation for internal and external audits
• Conduct compliance assessments of controls for in-scope systems, including remediation assessments and audit-readiness assessments
• Work with our client's team to provide evidence at time of external client audits
• Report on security operations to client leadership teams in terms of risk and compliance
• Develop client GRC programs and System Security Plans
• Stay up to date and proactively informed on developing regulatory concerns and evolving compliance control solutions
• Coordinate organizational remediation efforts based on plan of action and milestones, which is derived from the gap analysis workshops
• Perform continuous monitoring activities and track control health metrics
• Collaborate with client security, IT, and business teams to streamline security process and procedure development

What you’ll be working on
Our client is an IT consulting and services organization that specializes in cybersecurity, compliance, cloud, data, and application development. They work with businesses all over the world to reach their goals. Basically, they use technology to help businesses grow. Cool, right?
They’re a global company with offices in 3 countries and over 350 employees around the globe, they strive to stay true to their roots: trust, accountability, creativity, community, and collaboration.
Their culture underpins everything they do. In fact, they’re a Certified Great Place to Work. They’re looking for people who share their values, have passion for technology, and will make an impact on their clients’ lives and their communities.
So, here’s a bit about what it’s like to work at the company:

• Focus on learning. Their team has an exceptionally wide breadth of expertise across the IT spectrum. You will learn about other areas of the industry by being immersed with their technology experts.
• They embrace change. They believe that when creativity is fused with technology in just the right way, amazing things can happen. World-changing things. They foster a creative and collaborative environment for employees and their teams.

If you're excited by the thought of working for a company like that, they want to hear from you!
Apply Now!
Braintrust Job ID: 6664
C2C Candidates: This role is not available to C2C candidates working with an agency. If you are a professional contractor who has created an LLC/corp around their consulting practice, this is well aligned with Braintrust and we’d welcome your application.
Braintrust values the multitude of talents and perspectives that a diverse workforce brings. All qualified applicants will receive consideration for employment without regard to race, national origin, religion, age, color, sex, sexual orientation, gender identity, disability, or protected veteran status.