Job Description:

Summary: We are seeking a highly motivated and experienced GRC Consultant with a strong focus on risk management to join our team. The ideal candidate will be responsible for identifying, assessing, and mitigating risks that may impact our client’s operations, compliance, and strategic objectives. This role requires a deep understanding of risk management frameworks, compliance standards, technical infosec tools and technologies, and the ability to collaborate effectively with cross-functional teams.

Key Responsibilities:

1. Risk Identification and Assessment:

• Conduct comprehensive risk assessments to identify potential threats and vulnerabilities.
• Analyze and prioritize risks based on their potential impact on the organization.
• Collaborate with department heads and subject matter experts to gather risk-related information.
• Evaluate technical vulnerability reports to contextualize actual the actual risks presented to the business.
• Assess network architecture and technical stacks to identify information security gaps.

1. Risk Monitoring:

• Continuously monitor and analyze internal and external factors that could impact the organization’s risk profile. 
• Stay updated on industry trends, regulations, and emerging risks.
1. Risk Mitigation and Control:
• Develop and implement risk mitigation strategies and controls to reduce exposure.
• Develop and monitor key risk indicators (KRIs) and key performance indicators (KPIs) to ensure timely detection of emerging risks.
• Evaluate and recommend improvements to existing risk management processes and controls.

1. Compliance Management:

• Stay updated on relevant industry regulations, standards, and best practices.
• Ensure compliance with regulatory requirements by developing and maintaining compliance programs.
• Assist in the preparation of compliance reports for regulatory agencies and internal stakeholders.

1. Reporting and Communication:

• Prepare and deliver regular risk reports to senior management and stakeholders.
• Communicate risk findings and recommendations effectively to different levels of the organization.
• Collaborate with external auditors during audits and provide necessary documentation.
• Deliver quantitative risk reports.

1. Cross-Functional Collaboration:

• Work closely with IT and security teams to assess and enhance cybersecurity controls.
• Collaborate with internal departments to implement risk mitigation measures and ensure compliance.
• Act as a subject matter expert and provide guidance on risk-related matters.
• Act as liaison to articulate specific technical findings into contextual business risk specific to the organization based on specific threats to the business sector.

Qualifications:

• Bachelor's degree in a relevant field (e.g., Risk Management, Business Administration, Information Security) [master’s degree or relevant certifications a plus] or relevant experience.
• 3 years of proven experience in GRC, with a focus on risk management.
• Strong knowledge of risk management frameworks (e.g., COSO) and industry standards (e.g., ISO 31000, NIST).
• Familiarity with compliance regulations and standards (e.g., GDPR, HIPAA, SOX).
• Proficiency in risk assessment methodologies and tools.
• Excellent analytical, problem-solving, and decision-making skills.
• Effective communication and presentation abilities.
• Ability to work independently and in cross-functional teams.
• Relevant certifications (e.g., CISSP, CISA, CRISC) a plus.
• Hands-on experience in working with cybersecurity tools to determine technology risks strongly preferred.