Governance, Risk & Compliance Consultant jobs in United States
This job has closed.

Malleum · 1 month ago

Governance, Risk & Compliance Consultant

Malleum is a premier cybersecurity consultancy known for its advanced strategies in safeguarding clients. The Governance, Risk & Compliance Consultant will ensure clients meet stringent cybersecurity standards, advising on best practices and developing work plans to drive engagements to completion.

Cyber Security, Information Technology, Security
No H1B, Security Clearance Required, U.S. Citizen Only

Responsibilities

Provide guidance and support to client organizations throughout their cybersecurity maturity journey, helping them to build robust cybersecurity roadmaps
Work with clients to design and implement right-sized cybersecurity controls in line with global industry, sector, and regulatory frameworks and standards
Collaborate with clients’ teams to develop and implement risk treatment methodologies and plans necessary to achieve and maintain their program compliance
Clearly articulate cybersecurity requirements to client organizations’ employees of all levels to ensure understanding and senior leadership sponsorship
Assist organizations with the review and update of existing security policies and procedures to align with evolving requirements and best practices in cybersecurity
Prepare detailed reports on the status of an organization's cybersecurity compliance. Prepare and deliver thoughtful, insightful, and professional presentations to clients and internal Malleum stakeholders
Keep abreast of the latest cybersecurity threats and trends, as well as updates to the relevant industry standards such as the CMMC framework
Achieve utilization targets, complete projects on time and budget, and meet quality standards
Study, learn, test, document, execute and seek to continuously improve scalable consulting services processes to effectively deliver customer engagements while achieving a high level of customer satisfaction
Execute project planning, scheduling, and other coordination of internal and client resources to conduct interviews, meetings, and presentations
Develop a thorough understanding of our solution and service offerings, sales process, marketing materials, contract and statement of work (SOW) structure, methodologies, delivery standards, work tools, and processes
Pursue additional education and stay current on best practices, technical skills, and tools related to the position's duties

Qualification

CMMC framework, NIST SP 800-171, IT security experience, Risk management, Cybersecurity certifications, Cybersecurity controls implementation, Project management, Client-service orientation, Analytical skills, Communication skills

Required

Post-secondary education in information technology, computer science, or equivalent combination of education and experience
5-8 years of experience in IT security, risk management, or compliance
The ability to achieve a Registered Practitioner (RP) credential under the CMMC version 2.0 framework is essential
In-depth knowledge of the CMMC framework, NIST SP 800-171, and DFARS 252.204-7012 regulations
Skilled and experienced in managing projects and leading consulting engagements, with a record of delivering exceptional value to clients
Superior communication and presentation skills with the ability to explain complex security concepts to non-technical staff
Exceptional client-service orientation, with the ability to build trust and develop rapport with a broad range of client stakeholders, including Defense Industrial Base compliance and information system professionals
Independent and autonomous, with the drive to seek out and leverage internal resources as needed, and proactively take ownership of their work and career development
Excellent analysis and problem-solving skills, especially in the information systems, security, and privacy space
Ability to learn new subject matter and context quickly and to maintain market and subject matter awareness
Ability to understand SOWs, customer proposals, project notes, deliverables, and final reports; assimilate previous experience, relevant subject matter, data, facts, and results; and develop relevant questions for colleagues to hasten understanding of scenarios, methodologies, processes, and 'lessons learned'

Preferred

Current certification as a Registered Practitioner Advanced (RPA) or Registered Practitioner (RP) is an asset
Relevant professional certifications such as CISSP, CRISC, CISA, CISM, coupled with advanced knowledge of a range of cybersecurity technologies and solutions
Experience with cybersecurity systems and infrastructure design and configuration is a significant asset

Company

Malleum

Malleum isn’t your everyday, run-of-the-mill security firm.

Funding

Current Stage
Early Stage

Leadership Team

Nadeem Douba
Founding Principal
Company data provided by crunchbase