About Us:
Thrive is a rapidly growing technology solutions provider focusing upon Cloud, Cyber Security, Networking, Disaster Recovery and Managed Services, including Managed GRC Services. Our corporate culture, engineering talent, customer-centric approach, and focus upon “next generation” services help us stand out amongst our peers. Thrive is on the look-out for individuals who don’t view their weekdays spent at “a job” but rather look to develop valuable skills that ignite their passion and lead to a CAREER. If you’re attracted to a “work hard, play hard” environment, seeking the guidance, training and experience necessary to build a lucrative career, then welcome to THRIVE!!
Position Overview:
The Governance, Risk, and Compliance (GRC) Consultant is a client-facing role that helps build, manage, and maintain cybersecurity compliance programs for clients across various industries, primarily within the government sector where most clients will be government contractors or sub-contractor providers that need to comply with government regulations.
The GRC Consultant supports the Assessment, Program Establishment, and Support work required for Abacode’s clients to become and remain compliant with their respective cybersecurity and privacy frameworks. The GRC Consultant develops client reporting and metrics, updates dashboards, and collects and validates evidence/artifacts.
Responsibilities:
· Participates in day-to-day operations and client engagement activities across various client projects involving compliance readiness and security assessments.
· Supports the Abacode GRC Service Delivery team with conducting on-going and new assessments of controls, processes, and procedures across multiple clients and compliance standards: NIST 800-171 (CMMC), SOC 2, ISO 27001, HIPAA, PCI DSS, NIST CSF and CIS
· Supports clients with maintaining compliance with such frameworks by guiding them through control execution and evidence collection and review.
· Supports compliance, policy, procedural, and technical review of client information security and/or compliance program(s), providing maturity and improvement recommendations based on experience and industry best practices.
· Performs security controls gap analysis and identification based on compliance mandates, standards, and security benchmarks.
· Documents security controls inventory of client systems within the GRC portals.
· Conducts general cybersecurity Risk Assessments
· Provides tactical guidance aimed at helping clients meet compliance requirements across applicable security standards and frameworks.
· Performs audit liaison activities, guiding and assisting clients with audit preparation, evidence identification and gathering, and responding to audit questions.
· Manages compliance requirements across multiple clients in parallel. Works with clients to identify opportunities for improvement for client’s security controls.
· Builds internal company partnerships and collaborates with team leaders to determine the company's services, delivery criteria, and solutions for issues that may arise.
· Supports evidence collection for internal Abacode/Thrive audits.
· Identifies and makes suggestions for improvements when problems and/or opportunities arise.
· Keeps up to date with developments in the cybersecurity, privacy, and GRC areas of specialization.
· Performs other duties as assigned.
Qualifications:
Minimum
Preferred
Powered by JazzHR