Innovation & Technology Enabling Business Growth
GRC Consultant
Location
United States
Posted
105 days ago
Salary
0
Seniority
Mid Level
No structured requirement data.
Job Description
GRC Consultant
Ascend Technologies
GRC Consultant This is a fully remote position PURPOSE The GRC Cybersecurity Consultant serves as a trusted advisor to Ascend clients, strategically enhancing their cybersecurity posture. This role supports the client’s development, delivery, and continual improvement of comprehensive cybersecurity and compliance programs aligned with frameworks such as NIST CSF, CIS Controls, ISO 27001, HIPAA Omnibus, SOC 2, PCI‑DSS, and other regulatory standards. The consultant also contributes to helping regulated clients prepare for audits (SOC 2, SEC, FDIC, etc.). This position works closely with both business and technical stakeholders to assess risks, implement controls, develop policies, support audit readiness, review security data, and communicate clear, business‑aligned recommendations. Strong presentation and communication skills are essential for translating complex cybersecurity concepts into actionable insights for diverse audiences. RESPONSIBILITIES Client Engagement & Reporting - Generate, analyze, and present cybersecurity service reports and dashboards to demonstrate program efficacy and maturity progress. - Translate technical risks and data into business‑relevant insights for stakeholders. - Conduct research and provide guidance on emerging threats, regulatory changes, and new technologies. - Collaborate with internal resources to review vulnerability scans, penetration test results, and risk assessments. Governance & Policy - Assist clients in developing, reviewing, and maintaining cybersecurity policies, standards, and procedures. - Support creation and continuous improvement of security governance frameworks aligned to business objectives. Risk Management - Conduct cybersecurity risk assessments, control gap analyses, and maturity assessments. - Identify and evaluate risks, recommend remediation strategies, and track mitigation progress. - Support maintenance of risk registers and provide leadership reporting. Compliance & Audit - Ensure client alignment with regulatory and industry frameworks (NIST, ISO 27001, SOC 2, HIPAA, GDPR, PCI‑DSS, etc.). - Assist with audit readiness, evidence collection, compliance roadmaps, and remediation activities. Third‑Party Risk Management - Perform vendor security assessments and oversee third‑party risk processes. Security Program Development - Support design, enhancement, and continuous improvement of client security programs. - Assist with building control frameworks and aligning them with best practices. - Provide guidance on cybersecurity strategy, roadmaps, and program governance. Incident Preparedness - Assist clients with incident response planning, tabletop exercises, and business continuity initiatives. - Recommend improvements to detection, response, and recovery capabilities. Internal Collaboration & Continuous Improvement - Work with Ascend Cybersecurity Leadership to identify improvement opportunities through data analytics and trend analysis. - Serve as a resource to Solutions Architects regarding cybersecurity professional services and data offerings. - Facilitate knowledge sharing and adaptability as client priorities evolve. - Support efficient operations within a leveraged cybersecurity services model. - Perform additional responsibilities as assigned. REQUIRED SKILLS, EXPERIENCE, AND EDUCATION - Strong understanding of regulatory and security frameworks (HIPAA, CMMC, NIST CSF, NIST 800‑53, ISO 27001, SOC 2, etc.). - Hands‑on experience with risk assessments, control testing, audits, and policy development. - Excellent written and verbal communication skills. - Ability to collaborate across technical and non‑technical teams. - Strong analytical skills and attention to detail. PREFERRED SKILLS, EXPERIENCE, AND EDUCATION - Bachelor’s degree in Cybersecurity, Information Systems, or related field, or equivalent experience. - Professional certifications such as CISSP, CISM, CISA, CRISC, or equivalent. - Experience with GRC platforms (StandardFusion, Apptega, Vanta, etc.). - 3+ years of relevant cybersecurity and GRC experience, gained through direct industry work, consulting or client‑facing advisory services. - Strong problem‑solving and critical‑thinking abilities. - Ability to manage multiple engagements and deadlines. - Collaborative, customer‑centric mindset. - High integrity and commitment to confidentiality. Starting Compensation Range: $100,000 per year The salary for this position is commensurate with experience, skills, and qualifications. The range is intended to reflect our commitment to attracting top talent, and the final offer will be based on factors including, but not limited to, the candidate's previous experience, expertise in the field, relevant certifications, and the specific requirements of the role. In addition, internal equity, market trends, and geographic location may also influence the final salary. Along with a competitive salary, we offer a comprehensive benefits package, including health, dental, and vision insurance, retirement savings options, flexible time off (FTO), and professional development opportunities. We are open to discussing compensation and benefits further during the interview process to ensure alignment with the candidate’s expectations and experience. At Ascend Technologies we firmly believe that diversity, equity, and inclusion are not only fundamental values but also powerful drivers of innovation, growth, and success. We are committed to fostering an environment where every individual feels valued, respected, and empowered. CORE VALUES We are seeking highly motivated individuals who have the willingness and ability to demonstrate Ascend core values: - Committed to Client Success: Our actions and our words always align with the best interest of the client. - One Team: We work collaboratively to overcome challenges with humility and respect and do what it takes to find innovative solutions. - Integrity: We are unquestionably committed to doing the right thing even when it is hard. - Accountability: We hold ourselves and each other accountable for keeping our commitments to our clients, our communities, and one another. - Transparency: We create open lines of communication with each other and our clients, fostering relationships founded on candor and trust. PHYSICAL DEMANDS: Must be able to sit, stand, and bend for the duration of shift. The position is mainly sitting, with occasional lifting up to 50 lbs, such as laptop, server equipment, and, driving to the work site to meet with client(s).
Related Guides
Related Categories
Related Job Pages
More Compliance Jobs
Healthcare Payer Compliance Specialist
ExpressableCommitted to improving speech and language outcomes for children and adults with affordable, online therapy.
• Support audit and compliance efforts by assisting with external payer responses, conducting internal reviews, and ensuring required training is completed. • Maintain payer setup and readiness including fee schedules, EFT/ERA configuration, portal access, and payer profile updates. • Interpret payer contracts and manuals to extract operational requirements and support clean claim submission. • Maintain up-to-date reference materials and serve as a resource to internal teams on payer rules and workflows. • Monitor payer updates and policy changes, assess their impact, and assist with implementation and compliance tracking; attending new payer orientation meetings and ongoing payer training sessions. • Collaborate cross-functionally on special projects to improve payer compliance, documentation, and training systems.
• Review prime contracts & modifications to identify applicable SCA clauses (including FAR 52.222-41 and related provisions). • Analyze and implement Wage Determinations (WDs) and applicable updates. • Ensure proper labor classification alignment with DOL wage determinations. • Monitor compliance with health & welfare (H&W) benefit requirements. • Support audits related to SCA compliance, as requested by Contracts & Compliance Manager. • Support audits related to DBA, as requested by Contracts & Compliance Manager. • Maintain documentation supporting compliance requirements. • Coordinate with HR and Payroll to validate compensation alignment with WD requirements. • Track contract modifications affecting wage determinations and labor categories. • Set up contracts, contract modifications, and wage updates in ERP system. • Draft, review, and administer subcontracts under SCA-covered prime contracts • Draft, review, & administer subcontracts under DBA-covered prime contracts, as required by Contracts Manager • Ensure proper FAR, DFARS, and SCA clause flow-down to subcontractors. • Verify subcontractor compliance with wage determinations and certified payroll requirements (if applicable). • Maintain subcontract compliance files. • Set up subcontracts and consulting agreements in ERP system. • Assist with preparation of compliance reports and internal audits. • Track regulatory updates affecting SCA contracts. • Support implementation of policies and SOPs related to SCA and subcontract compliance. • Provide guidance to internal stakeholders on SCA labor standards requirements.
• Support CDW’s Global Information Security organization in maintaining continuous compliance with Cybersecurity Maturity Model Certification (CMMC), NIST 800‑171, and related government security requirements. • Perform detailed technical, documentation, and evidence‑gathering activities to support assessments, audits, and system onboarding. • Develop remediation plans, validate control execution, document system architectures and connections, review contractual security requirements, and ensure accurate compliance records in the GRC platform. • Work with control owners to ensure timely execution and effectiveness of controls. • Conduct interviews for security controls and collect objective evidence for compliance assessment. • Develop and update Operational Plan of Action (OPA) to address gaps and compliance issues. • Remediate findings, track progress, and reassess post-remediation. • Draft, update, and finalize System Security Plan (SSP) for systems in scope and new systems under evaluation. • Use the GRC platform to manage controls effectiveness status, documentation, and evidence. • Update or create policies and procedures to support compliance. • Develop detailed architecture and data flow diagrams for all in-scope systems. • Review and document all connections (APIs, ports, protocols, services) for in-scope systems and physical locations. • Identify and document all external and cloud service providers associated with in-scope environments. • Review Government contracts and RFPs to identify obligations, assess feasibility, and ensure security requirements are met before commitment. • Independently review and revise information security clauses in customer and vendor contractual agreements to ensure compliance with company policies. • Perform other work as assigned to support overall Security Risk Management team objectives.
EHS & Compliance Manager
SoftBank Robotics AmericaTransforming work through automation and robotics solutions that deliver trusted results and valued experiences.
• Develop, implement, and continuously improve the corporate EHS management system, policies, and standards • Establish enterprise-wide safety frameworks and compliance practices across all construction sites • Drive a proactive, risk-based approach to safety and regulatory compliance across the portfolio • Lead, mentor, and provide strategic direction to Regional Safety Managers and site-level EHS personnel • Own corporate-level EHS reporting, including the development and monitoring of key performance indicators • Serve as the primary corporate liaison with regulatory agencies, including OSHA, EPA, and other applicable authorities • Lead investigations into significant incidents and ensure effective root cause analysis




