Build Your Career in Compliance

We are seeking a proactive, articulate, and client-focused Governance, Risk, and Compliance (GRC) Consultant to partner with organizations to design, manage, and implement their comprehensive GRC programs. This role requires strong verbal communication skills and the ability to confidently interact with clients on video calls.

As a GRC Consultant, you will guide clients through complex frameworks, including NIST 800-53, SOC 2, ISO 27001, FedRAMP, HITRUST, and other regulations like GDPR and HIPAA. You will play a key role in preparing clients for third-party certifications, ensuring long-term compliance, and maturing security posture.

Our consultants specialize in the following key areas:

• IT Compliance Frameworks & Certifications (SOC 2, ISO 27001, NIST 800-53, FedRAMP, HITRUST, HIPAA, GDPR, CCPA)
• Governance, Risk, and Compliance
• Information Security & Risk Management
• Cybersecurity Best Practices & Regulatory Requirements
• Audit Readiness & Continuous Compliance
• Data Privacy & Security Policies

Responsibilities of a GRC Consultant:

• Client Management
  • Develop and maintain comprehensive client GRC project plans, using Neutral Partners' supplied tools, to align the client's audit schedule and detail critical security compliance activities.
  • Provide clients with regular updates on IT and security compliance trends specific to their programs, ensuring they remain informed and proactive in their compliance efforts.
• Certification Guidance
  • Lead clients through the complete lifecycle of IT/security certifications, including SOC 2, ISO 27001, FedRAMP, and others.
  • Guide clients in leveraging the Secure Controls Framework (SCF) to align and rationalize control requirements across multiple frameworks.
• Assessment and Gap Analysis
  • Conduct comprehensive evaluations of clients' existing security controls and practices to identify areas for improvement.
  • Identify gaps in compliance with certification standards and provide actionable remediation recommendations.
  • Establish and manage a risk management process that aligns with the clients' selected security framework, ensuring ongoing compliance and risk mitigation.
  • Perform and support third-party/vendor risk management (TPRM) assessments, including evaluating vendor security posture and associated risks.
• Policy and Procedure Development
  • Draft, review, and update security policies, procedures, and documentation to align with certification requirements.
  • Ensure that all necessary documentation is comprehensive, up-to-date, and audit-ready.
• Implementation Support
  • Guide clients in implementing security controls, technologies, and best practices required for certification.
  • Assist with planning, preparing, and conducting internal audits.
• Client Training and Education
  • Educate clients on the certification process, including key milestones, deliverables, and expectations.
  • Conduct training sessions to ensure client teams have the knowledge and skills needed to maintain compliance.
• Audit Preparation and Liaison
  • Prepare clients for external audits by conducting pre-audit assessments, mock audits, and audit readiness reviews.
  • Serve as the primary point of contact for auditors, facilitating a smooth, successful audit by addressing inquiries and coordinating required documentation.
• Continuous Improvement
  • Stay updated on the latest developments in security standards, regulations, and certification requirements to provide informed guidance.
  • Continuously improve consulting methodologies and tools to enhance the client experience and outcomes.

Required Qualifications:

• Exceptional verbal communication skills and the ability to present confidently on video calls.
• Deep understanding of compliance frameworks such as NIST CSF, SOC 2, ISO 27001/27701, and knowledge of privacy laws such as GDPR and CCPA.
• Experience with various security architectures, risk management, and compliance.
• Strong ability to work independently in a remote environment.

Desired Qualifications for GRC Consultant:

• Certifications such as CISSP, CISA, CISM, or ISO 27001 Lead Auditor/Implementer.
• Bachelor's degree in information technology, cybersecurity, or a related field.
• Extensive knowledge of the NIST 800-53.
• Extensive understanding of HIPAA/HITECH Security Rule.
• Demonstrated experience in performing security, privacy, and AI risk assessments.
• Demonstrated experience in performing compliance assessments and implementing regulatory requirements.
• Demonstrated experience in writing policies, procedures, and other documentation within various information security frameworks.

Traits that Fit a GRC Consultant:

• Confident speaker who can clearly communicate compliance concepts on camera.
• Proactive self-starter who takes ownership of tasks and seeks solutions without micromanagement.
• Results-driven mindset, focused on helping clients successfully achieve their GRC objectives.
• Strong organizational skills with the ability to manage multiple projects simultaneously.
• Ability to work autonomously in a fully remote setting.
• Fast learner who quickly adapts to changing compliance requirements.
• Proven ability to manage client engagements across time zones using asynchronous communication and remote collaboration tools.

Position Details:

• Full-time, Remote

Why Join Neutral Partners:

• Work with a dynamic team focused on high-impact compliance projects.
• Help organizations achieve and maintain critical security certifications.
• Fully remote role with flexibility and autonomy.