Crux Security · 5 months ago
Senior Security Consultant - GRC
Crux Security is seeking an experienced Senior Security Consultant - GRC to help organizations design, implement, and optimize security programs that align with business goals and regulatory requirements. The role focuses on governance, risk, and compliance (GRC), requiring the consultant to work closely with clients to assess security posture and ensure compliance with industry standards.
Tags: Cyber Security, Network Hardware, Security
Responsibilities
Security Program Consulting: Advise clients on security strategy, risk management, and compliance initiatives
Framework Implementation: Assess, implement, and align security programs with frameworks such as CMMC, NIST CSF, ISO 27001, CIS Controls, PCI DSS, SOC 2, HITRUST, and FedRAMP
Technical Control Implementation: Guide clients in implementing security controls across networks, applications, cloud environments, and endpoints
Risk Assessments & Gap Analysis: Conduct security risk assessments, maturity evaluations, and compliance gap analyses to provide actionable recommendations
Policy & Procedure Development: Develop and refine security policies, standards, and guidelines tailored to client environments
Compliance Readiness: Support clients in achieving regulatory compliance and preparing for audits and assessments
Security Awareness & Training: Educate stakeholders on best practices for risk management and security program sustainability
Executive-Level Advisory: Present findings and strategic recommendations to CISOs, IT leaders, and executive teams
Qualifications
Required
8+ years of experience in cybersecurity consulting, GRC, or security program management
Strong expertise in security frameworks (NIST, ISO 27001, SOC 2, CIS, PCI DSS, etc.)
Hands-on experience with technical control implementation across cloud, network, and endpoint security domains
Excellent consulting and client management skills, including the ability to communicate complex security concepts to technical and non-technical stakeholders
Experience with risk management methodologies, security assessments, and control validation
Strong knowledge of identity & access management (IAM), vulnerability management, and security architecture
Ability to develop roadmaps for security program maturity and track remediation efforts
Skilled in policy creation and management
Exceptional presentation, report writing, and executive advisory skills
Preferred
Certifications such as CISSP, CISM, CISA, CRISC, ISO 27001 Lead Implementer/Auditor
Experience working in regulated industries (finance, healthcare, government, etc.)
Knowledge of DevSecOps, cloud security (AWS, Azure, GCP), and security automation
Familiarity with GRC tools and management concepts
Benefits
Competitive salary, benefits, and professional development opportunities.
Company
Crux Security
Crux Security provides tools for developing and managing security programs for growing companies.
Funding
Current Stage
Early Stage
Company data provided by crunchbase