Demo

Compliance Consultant – GRC Practice

Artemis Connection
Seattle, WA Remote Contractor
POSTED ON 4/5/2026
AVAILABLE BEFORE 6/3/2026

About Artemis Connection

Artemis Connection is a strategic management consultancy working across the for-profit, public, and social sectors. We help clients around the world identify their most pressing strategic issues and staff teams of strategy consultants to roll up their sleeves and deliver impact. We are passionate about helping innovative and entrepreneurial leaders reach their goals through a customized, project-based approach.

Our GRC practice works with organizations managing complex compliance obligations, from FedRAMP and CMMC authorizations to SOC 2 and ISO 27001 certifications, across regulated industries including defense contracting, healthcare, financial services, and high-growth SaaS. We help clients build compliance programs that are durable, audit-ready, and integrated into how the business actually operates.

Our founder is Christy Johnson, an entrepreneur, educator, and former McKinsey Engagement Manager. Our team is made up of seasoned consultants trained at organizations such as McKinsey & Company, BCG, Bain, Big 4 Strategy, and elite educational institutions.

About the Role

In this role, you will serve as a subject matter resource within the GRC practice, responsible for delivering compliance assessments, framework implementations, and advisory engagements across a portfolio of clients. This role operates with substantial independence on day-to-day project work while escalating strategic or novel issues to senior leadership. You will be expected to own client relationships at the operational level and contribute to business development activities.

What You'll Do

Client Engagement & Delivery

Lead and execute compliance assessments across one or more regulatory and standards frameworks, including but not limited to SOC 2 Type I/II, ISO 27001, CMMC 2.0, NIST CSF, HIPAA, PCI-DSS, and FedRAMP. This includes scoping engagements, developing project plans, conducting gap analyses, running control testing procedures, drafting findings reports, and presenting results to client leadership. Manage multiple concurrent engagements across different clients and frameworks with minimal supervision.

Framework Translation & Reconciliation

Map overlapping frameworks and identify where controls satisfy multiple standards simultaneously. Advise clients on crosswalk strategies that reduce duplicative compliance work, consolidate evidence collection, and rationalize audit schedules. This requires fluency in how frameworks differ in scope, applicability, and control philosophy beyond their surface-level requirements.

Risk Assessment & Control Design

Conduct qualitative and semi-quantitative risk assessments, evaluate control design effectiveness, and recommend compensating or corrective controls appropriate to client operating environments. Evaluate technical controls — access management, encryption, logging and monitoring, vulnerability management — as well as administrative and physical controls. Recommendations must be grounded in both the relevant standard and the practical operational context of the client.

Policy & Documentation Development

Draft, review, and revise information security policies, procedures, standards, and control narratives. This work must be tailored to client context rather than template-driven, with clear mapping to applicable framework requirements and operational workflows. Write at a professional level sufficient for board-level consumption and audit artifact use.

Audit Support & Remediation Management

Support clients through external audits and certification processes, serving as the primary liaison between the client and auditors during evidence collection phases. Post-audit, develop and track remediation plans, monitor control implementation progress, and validate remediation effectiveness before closure.

Business Development Support

Contribute meaningfully to the practice's pipeline. This includes participating in proposal development, scoping and estimating new engagements, identifying expansion opportunities within existing client relationships, and representing the practice at industry events or working groups. You will not typically be expected to originate large engagements independently but should be able to identify and advance opportunities through the pipeline with principal-level support.

What You Bring

Required

  • Minimum bachelor's degree in information systems, computer science, business, law, or a closely related field, or equivalent demonstrated experience
  • Minimum 5 years of experience in compliance, information security, audit, or a directly related advisory function, including at least two years in a consulting or client-facing delivery role
  • Demonstrated hands-on experience with at least two of the following: SOC 2, ISO 27001, CMMC 2.0, NIST CSF, HIPAA, PCI-DSS, or FedRAMP
  • At least one active professional certification — CISA, CISSP, CISM, CRISC, or CCSFP are most relevant to this role
  • Strong written and verbal communication skills, including the ability to convey technical findings to non-technical audiences with clarity and precision

Preferred

  • Experience with GRC platforms such as Vanta, Drata, OneTrust, ServiceNow GRC, or Archer
  • Exposure to regulated industries — healthcare, defense industrial base, financial services, or government contracting
  • Familiarity with cloud security architecture concepts across AWS, Azure, or GCP, and how cloud-native environments affect control design and evidence collection
  • Experience in a Big Four or mid-market advisory firm environment
  • Minimum 2 years of consulting experience

What Makes Someone Successful Here

At the mid-career level, the practice expects this consultant to distinguish themselves not merely by technical knowledge but by judgment. This means knowing when a control deficiency represents a material risk versus a paperwork gap, when to push back on a client's preferred approach versus defer to their operational constraints, and when a finding warrants escalation to the engagement principal versus direct resolution.

The consultant should be transitioning from executing others' methodologies toward developing and refining their own analytical frameworks. Client relationships should feel to the client like they have a trusted advisor, not a task-order fulfillment resource.

Compensation and Structure

This role is structured as a project-based engagement, typically 12 months in duration with the possibility to extend based on client needs and performance. This role is remote, with occasional travel potentially required based on client needs. Compensation is competitive and commensurate with experience; details will be discussed during the interview process.

Hourly Wage Estimation for Compliance Consultant – GRC Practice in Seattle, WA
$50.00 to $65.00
If your compensation planning software is too rigid to deploy winning incentive strategies, it’s time to find an adaptable solution. Compensation Planning
Enhance your organization's compensation strategy with salary data sets that HR and team managers can use to pay your staff right. Surveys & Data Sets

What is the career path for a Compliance Consultant – GRC Practice?

Sign up to receive alerts about other jobs on the Compliance Consultant – GRC Practice career path by checking the boxes next to the positions that interest you.
Income Estimation: 
$73,707 - $95,263
Income Estimation: 
$91,142 - $116,690
Income Estimation: 
$80,876 - $132,043
Employees: Get a Salary Increase
View Core, Job Family, and Industry Job Skills and Competency Data for more than 15,000 Job Titles Skills Library

Job openings at Artemis Connection

Program Manager with Strong SQL and Data Skills
Apply
  • Artemis Connection Seattle, WA
  • We are seeking an experienced Program Manager with strong analytical and data skills to tackle complex, high-visibility challenges and translate large data... more
  • 9 Days Ago
Project/Program Manager with Experience with the US Department of Veterans Affairs
Apply
  • Artemis Connection Seattle, WA
  • Artemis Connection is a strategic management consultancy working across the for-profit, public and social sectors. We help clients around the world identif... more
  • 9 Days Ago
Project/Program Manager with experience with US Department of Veterans Affairs / VHA / IHT
Apply
  • Artemis Connection Seattle, WA
  • Artemis Connection is a strategic management consultancy working across the for-profit, public and social sectors. We help clients around the world identif... more
  • 9 Days Ago
Risk Management Consultant – GRC Practice
Apply
  • Artemis Connection Seattle, WA
  • About Artemis Connection Artemis Connection is a strategic management consultancy working across the for-profit, public, and social sectors. We help client... more
  • 13 Days Ago
View More Jobs at Artemis Connection

Not the job you're looking for? Here are some other Compliance Consultant – GRC Practice jobs in the Seattle, WA area that may be a better fit.

Governance Consultant – GRC Practice
Apply
  • Artemis Connection Seattle, WA
  • About Artemis Connection Artemis Connection is a strategic management consultancy working across the for-profit, public, and social sectors. We help client... more
  • 13 Days Ago
Principal Consultant - GRC Compliance - PCI
Apply
  • kallesgroup Seattle, WA
  • ABOUT KALLES GROUP: Everyone deserves to be secure. Our mission at Kalles Group is to help secure the future for companies of all shapes and sizes. While o... more
  • 1 Month Ago
View More Jobs

AI Assistant is available now!

Feel free to start your new journey!