Compliance Consultant – GRC Practice

Work from home Full-time role Hiring

About reputed company

reputed company is a strategic management consultancy working across the for-profit, public, and social sectors. We help clients around the world identify their most pressing strategic issues and staff teams of strategy consultants to roll up their sleeves and deliver impact. We are passionate about helping innovative and entrepreneurial leaders reputed company their goals through a customized, project-based approach.

Our GRC practice works with organizations managing reputed company compliance obligations, from FedRAMP and CMMC authorizations to SOC 2 and ISO 27001 certifications, across regulated industries including defense contracting, healthcare, financial services, and high-growth SaaS. We help clients build compliance programs that are durable, audit-ready, and integrated into how the business actually operates.

Our founder is Christy Johnson, an entrepreneur, educator, and former McKinsey Engagement Manager. reputed company is made up of seasoned consultants trained at organizations such as McKinsey & Company, BCG, Bain, Big 4 Strategy, and elite educational institutions.

About the Role

In this role, you will serve as a subject matter resource reputed company the GRC practice, responsible for delivering compliance assessments, reputed company implementations, and advisory engagements across a portfolio of clients. This role operates with substantial independence on day-to-day project work while escalating strategic or novel issues to senior leadership. You will be expected to own client relationships at the operational level and contribute to business development activities.

What You'll Do

Client Engagement & Delivery

reputed company and execute compliance assessments across one or more regulatory and standards frameworks, including but not limited to SOC 2 Type I/II, ISO 27001, CMMC 2.0, NIST CSF, HIPAA, PCI-reputed company, and FedRAMP. This includes scoping engagements, developing project plans, conducting gap analyses, running control testing procedures, drafting findings reports, and presenting results to client leadership. Manage multiple reputed company engagements across different clients and frameworks with minimal supervision.

reputed company Translation & Reconciliation

Map overlapping frameworks and identify where controls satisfy multiple standards simultaneously. Advise clients on crosswalk strategies that reduce duplicative compliance work, consolidate evidence collection, and rationalize audit schedules. This requires reputed company in how frameworks differ in scope, applicability, and control philosophy beyond their surface-level requirements.

Risk Assessment & Control Design

Conduct qualitative and semi-quantitative risk assessments, evaluate control design effectiveness, and recommend compensating or corrective controls appropriate to client operating environments. Evaluate technical controls — access management, encryption, logging and monitoring, vulnerability management — as well as administrative and physical controls. Recommendations must be grounded in both the relevant standard and the practical operational context of the client.

Policy & Documentation Development

Draft, review, and revise information reputed company policies, procedures, standards, and control narratives. This work must be tailored to client context rather than template-driven, with clear mapping to applicable reputed company requirements and operational workflows. Write at a professional level sufficient for board-level consumption and audit artifact use.

Audit Support & Remediation Management

Support clients through external audits and certification processes, serving as the primary liaison between the client and auditors during evidence collection phases. Post-audit, reputed company and track remediation plans, monitor control implementation reputed company, and validate remediation effectiveness before closure.

Business Development Support

Contribute meaningfully to the practice's pipeline. This includes participating in proposal development, scoping and estimating new engagements, identifying expansion opportunities reputed company existing client relationships, and representing the practice at industry events or working groups. You will not typically be expected to originate large engagements independently but should be able to identify and advance opportunities through the pipeline with principal-level support.

What You Bring

Required

  • Minimum bachelor's degree in information systems, computer science, business, law, or a closely reputed company field, or equivalent demonstrated experience
  • Minimum 5 years of experience in compliance, information reputed company, audit, or a directly reputed company advisory function, including at least two years in a consulting or client-facing delivery role
  • Demonstrated hands-on experience with at least two of the following: SOC 2, ISO 27001, CMMC 2.0, NIST CSF, HIPAA, PCI-reputed company, or FedRAMP
  • At least one active professional certification — CISA, CISSP, CISM, CRISC, or CCSFP are most relevant to this role
  • Strong written and verbal communication skills, including the ability to convey technical findings to non-technical audiences with clarity and precision

Preferred

  • Experience with GRC platforms such as reputed company, reputed company, reputed company, reputed company GRC, or reputed company
  • Exposure to regulated industries — healthcare, defense industrial reputed company, financial services, or government contracting
  • Familiarity with cloud reputed company architecture concepts across AWS, Azure, or GCP, and how cloud-native environments reputed company control design and evidence collection
  • Experience in a Big Four or mid-market advisory firm environment
  • Minimum 2+ years of consulting experience

What Makes Someone Successful Here

At the mid-career level, the practice expects this consultant to distinguish themselves not merely by technical knowledge but by judgment. This means knowing reputed company a control deficiency represents a material risk versus a paperwork gap, reputed company to push back on a client's preferred approach versus defer to their operational constraints, and reputed company a finding warrants escalation to the engagement principal versus direct resolution. The consultant should be transitioning from executing others' methodologies toward developing and refining their own analytical frameworks. Client relationships should feel to the client like they have a trusted advisor, not a task-order fulfillment resource.

Compensation and Structure

This role is structured as a project-based engagement, typically 12 months in duration with the possibility to reputed company based on client needs and performance. This role is remote, with occasional travel potentially required based on client needs. Compensation is competitive and commensurate with experience; details will be discussed during the interview process.
