MorganFranklin Consulting
GRC Manager
MorganFranklin Consulting, Charlotte, North Carolina, United States
Why Work Here?

MorganFranklin Consulting is a management advisory firm that works with leading businesses and government to address complex and transformational finance, technology, Cybersecurity, and business objectives.

MorganFranklin's Cybersecurity practice helps clients across the globe solve their most critical Cybersecurity needs. From consulting and implementation to managed services and project resourcing, we work to safeguard assets by identifying risks, developing and maturing Cybersecurity programs, and implementing solutions that support and meet business goals. Custom-tailored and business-aligned service offerings include:

Strategy and GRC
Cybersecurity Operations
Identity & Access Management
Incident Response & Risk Intelligence
Application Security
Managed Security Services Provider

Position Overview

The GRC Consultant will play a critical role in delivering Governance, Risk Management, and Compliance (GRC) engagements for MorganFranklin's clients. This position is responsible for assessing, enhancing, developing, and implementing processes and technologies that support clients' strategic and operational objectives. The role involves a blend of strategic program-level activities and tactical program execution, enabling clients to establish resilient and effective GRC programs. This position supports MorganFranklin Cybersecurity's full suite of GRC services, helping clients navigate and meet complex regulatory, operational, and cybersecurity challenges.

Key Responsibilities

Governance: Provide input regarding development and enhancements to governance frameworks through policy development, procedures, assessments, monitoring, reporting, and education and awareness programs. Assist with development of thought leadership on best practices in governance tailored to industry-specific requirements.
Risk Management: Support the design and execution of enterprise risk management frameworks, enabling clients to identify, assess, mitigate, and monitor cybersecurity risks effectively. Perform risk analyses, develop mitigation strategies, and implement risk controls aligned with leading frameworks.
Compliance: Support compliance assessments and assist with defining actionable recommendations to enhance maturity and reduce compliance risks. Define and manage compliance objectives by developing and enhancing processes to meet internal policies, regulatory requirements, and industry best practices (e.g., NIST, PCI-DSS, HIPAA).
Collaboration & Delivery: Work closely with project teams and client stakeholders to achieve engagement goals and objectives. Provide high-quality documentation, reporting, and presentations tailored to client needs.

Requirements

Experience: 2-5 years of experience supporting cybersecurity initiatives with application of frameworks and standards.
Education & Certifications: Bachelor's degree, preferably in Information Technology or Information Security, or equivalent specialized practical experience and certifications (e.g., CISSP, CISM, CISA, CRISC, etc.).
Knowledge & Skills:
In-depth knowledge of regulatory standards (e.g., HIPAA, PCI-DSS, CMMC).
Familiarity with industry frameworks and standards, such as NIST CSF, ISO 27001, SOC 2, and COBIT.
Expertise with utilizing the Microsoft Office suite of products (Excel, Word, and PowerPoint).
Hands-on experience with GRC platforms (e.g., ServiceNow, AuditBoard, Archer, Hyperproof, OneTrust, ProcessUnity).
Strong organizational and project management skills.
Excellent written and verbal communication skills, including the ability to explain technical concepts to non-technical stakeholders.
Ability to manage multiple engagements simultaneously while maintaining high quality and adherence to deadlines.

Preferred Qualifications

Knowledge of emerging cybersecurity trends, including AI risk management, privacy-enhancing technologies, and third-party risk management.
Experience with enterprise risk governance, cybersecurity, privacy, data management, and IT audit.
Experience in developing tailored GRC solutions for sectors such as financial services, healthcare, retail, or government.
Familiarity with IT Operations and associated technologies (e.g., firewalls, Windows/Linux servers, workstations, cloud solutions, databases, etc.).