Senior Manager, GRC Advisory

• Manage priorities and project hours to meet delivery deadlines and achieve utilization targets.
• Escalate client and project challenges promptly to involve necessary resources.
• Maintain communication with client engagement across all levels, fostering collaborative relationships.
• Work with internal teams to ensure customer satisfaction and project success.
• Manage team performance and hiring decisions.
• Mentor and coach team members in consulting methodologies, technical skills, and writing.
• Stay updated on industry developments and maintain relevant certifications.
• Identify and escalate upsell and cross-sell opportunities to the sales team.
• Lead advisory projects, workshops, and compliance-related engagements.
• Conduct evaluations to ensure compliance with security frameworks (e.g., NIST, HITRUST, ISO).
• Develop and review IT security documents, policies, and plans.
• Advise on and improve client security programs and compliance strategies.
• Support system security for cloud and on-premises environments in line with frameworks.
• Create tools and recommendations to enhance client security posture.
• Mentor project teams on compliance methodologies and industry standards.
• Participate in hiring interviews for roles across various levels.
• Maintain strong depth of knowledge in the practice area, seek professional development opportunities, and maintain industry-specific certifications.
• Establish account relationships and identify upsell and cross-sell opportunities, escalating them to sales as appropriate.
• Lead complex and less complex projects, guiding the customer and all resources successfully through the project lifecycle.
• Lead advisory projects from start to finish, including workshops, gap analyses, document development projects, and ad hoc consulting support.
• Execute examination, interview, and test procedures in accordance with compliance advisory security control framework requirements (e.g., NIST SP 800-53A Revision 4, HITRUST CSF, ISO 27002, SOC 2).
• Ensure cybersecurity policies are adhered to and that required controls are implemented.
• Validate information system security plans or policy/procedure documentation to ensure compliance advisory control requirements are met.
• Author recommendations associated with findings to help improve the customer's security posture.
• Closely follow industry developments and trends to develop and maintain industry-specific policies, procedures, and training.
• Lead IT system security consultations within cloud-based and on-premises environments, following framework-specific security guidance (e.g., NIST SP 800-53, HITRUST CSF, ISO 27002).
• Develop System Security Plans, Configuration Management, IT Contingency and Incident Response Plans, security policies/procedures, and risk assessment plans in accordance with compliance framework requirements.
• Prepare, review, update, and maintain IT Security supporting artifacts.
• Provide guidance to Information System Owners on security matters.
• Identify information security problems and challenges, researching and developing technical solutions to rectify them.
• Demonstrate expertise in control requirements and test procedures of security compliance frameworks (e.g., NIST SP 800-53A Revision 4 and 5, HITRUST CSF, ISO 27002, PCI).
• Ensure cybersecurity policies are adhered to and required controls are implemented; offer recommendations for improvement if controls are not met.
• Validate information system security plans to ensure control requirements are met.
• Develop technical content, such as procedures, policies, risk management tools, etc., to assist clients in building and improving their security programs for system authorization.
• Travel: up to 20%

• Minimum of 5 years or more of working experience in information technology, information security, technical assessment, or audits
• Significant knowledge of information governance, risk and security standards/frameworks and professional practices (ISO/IEC 27001:2022, ISO/IEC 27701:2019 (and/or its mapped references ISO/IEC 29100:2011, ISO/IEC 27018:2019), ISO/IEC ISO/IEC 9001:2015, ISO/IEC 42001:2022, Health Insurance Portability and Accountability Act (HIPAA), HITRUST, System and Organization Controls (SOC) 2, or National Institute of Standards and Technology (NIST) frameworks such as NIST SP 800-53 or SP 800-171).
• ISO/IEC 27001 Lead Auditor Certificate
• Bachelor's Degree in Computer Science, Information Systems Management, Information Security, Business or equivalent experience required
• At least one of the following Advanced certifications or equivalent in cybersecurity or cloud: CISSP, CISA, CISM, CCSP, CRISC, and/or cloud specific certification (AWS, GCP, or Azure) or specialty certification in security
• Significant experience in understanding and applying relevant technical knowledge, the typical enterprise risk and security operational practices, information security related solutions, tools and utilities.
• Knowledge in conducting multi-framework consolidated compliance assessment activities
• Detailed understanding of IT security technologies including network and application security, firewalls, access management, and data protection
• Experience with virtualization and cloud technologies
• Experience with client-server and traditional on-premises architecture
• Familiarity with statutes and regulations across multiple industries relevant to IT
• Demonstrated ability to lead moderately complex system assessments/consulting engagements independently, to assist team members with proper artifact collection and interviewing clients to ascertain control implementation details, to read and interpret firewall rulesets and to create network/boundary/data flow diagrams and interpret and explain control families
• Strong written and verbal communication skills including the ability to explain technical matters to a non-technical audience
• Strong consulting skills; ability to advise and challenge the status quo while building strong relationships
• Ability to build high-trust relationship and credibility quickly
• Ability to lead projects successfully and delegate up and across
• Strong attention to detail
• Strong problem solving, decision making, organizational and analytical skills
• Ability to prioritize and manage multiple initiatives/projects.
• Ability to be self-driven and have strong independent initiative.
• Strong excel skills with ability to develop worksheets with complex formulas
• Ability to facilitate meetings to small or large groups
• Diplomatic and broad minded
• Ability to lead teams small to large teams in the assessment and internal environments
• Ability to speak to Cloud Service Providers to resolve issues and come to a conclusion of the assessment

• Strong knowledge of container-based architecture
• Knowledge of various cloud environments, including AWS, GCP, and Azure.
• ISO 9001:2015 Lead Auditor
• HITRUST CCSFP
• Certified Information Privacy Professional (CIPP/US)
• Big Four Advisory/Consulting Experience
• DevSec Ops Experience.
• AWS, Azure, Google Cloud Platform certification(s).

PI274655853