Crux Security

Senior Security Consultant - GRC

Crux Security, Cambridge, MA, United States

About the Role

We are seeking an experienced Senior Security Consultant - GRC to help organizations design, implement, and optimize security programs that align with business goals and regulatory requirements. This role requires expertise in governance, risk, and compliance (GRC), as well as the ability to translate security frameworks into technical controls. You will work closely with clients to assess security posture, develop strategic roadmaps, and ensure compliance with industry standards.

Key Responsibilities

- Security Program Consulting: Advise clients on security strategy, risk management, and compliance initiatives.
- Framework Implementation: Assess, implement, and align security programs with frameworks such as CMMC, NIST CSF, ISO 27001, CIS Controls, PCI DSS, SOC 2, HITRUST, and FedRAMP.
- Technical Control Implementation: Guide clients in implementing security controls across networks, applications, cloud environments, and endpoints.
- Risk Assessments & Gap Analysis: Conduct security risk assessments, maturity evaluations, and compliance gap analyses to provide actionable recommendations.
- Policy & Procedure Development: Develop and refine security policies, standards, and guidelines tailored to client environments.
- Compliance Readiness: Support clients in achieving regulatory compliance and preparing for audits and assessments.
- Security Awareness & Training: Educate stakeholders on best practices for risk management and security program sustainability.
- Executive-Level Advisory: Present findings and strategic recommendations to CISOs, IT leaders, and executive teams.

Required Qualifications

- 8+ years of experience in cybersecurity consulting, GRC, or security program management.
- Strong expertise in security frameworks (NIST, ISO 27001, SOC 2, CIS, PCI DSS, etc.).
- Hands-on experience with technical control implementation across cloud, network, and endpoint security domains.
- Excellent consulting and client management skills; ability to communicate complex security concepts to technical and non-technical stakeholders.
- Experience with risk management methodologies, security assessments, and control validation.
- Strong knowledge of identity & access management (IAM), vulnerability management, and security architecture.
- Ability to develop roadmaps for security program maturity and track remediation efforts.
- Skilled in policy creation and management.
- Exceptional presentation, report writing, and executive advisory skills.

Preferred Qualifications

- Certifications such as CISSP, CISM, CISA, CRISC, ISO 27001 Lead Implementer/Auditor.
- Experience working in regulated industries (finance, healthcare, government, etc.).
- Knowledge of DevSecOps, cloud security (AWS, Azure, GCP), and security automation.
- Familiarity with GRC tools and management concepts.

Why Join Us?

- Work remotely with a flexible schedule.
- Engage with diverse clients and industries, tackling real-world security challenges.
- Competitive salary, benefits, and professional development opportunities.
- Be part of a team that values innovation, integrity, and client success.

Direct Applicants Only - No Staffing Agencies or Third-Party Recruiters

We are not accepting solicitations from staffing agencies, recruiting firms, or third-party vendors for this position. Any unsolicited resumes or candidate submissions from such entities will not be considered, and we will not be responsible for any associated fees. Thank you for respecting this policy.