Governance, Risk & Compliance Consultant

We are a premier cybersecurity consultancy, blending advanced offensive and defensive strategies to safeguard our customers.

With a team known for its contributions to cybersecurity research at platforms like Black Hat and DEF CON, we excel at identifying and mitigating sophisticated threats. Large enterprises from a range of industries trust us for advanced adversarial emulation and for critical support in managing their cyber frameworks. Governments trust us with classified projects, relying on our precision and discretion to handle sensitive information securely.

We’re a small group that makes a big impact. Our deep technical expertise and our commitment to clients continues to fuel our success, and with success comes growth – we’re currently searching for a GRC Consultant with a strong cybersecurity consulting background…

In this position your mandate is to ensure that our clients meet the stringent cybersecurity standards set by regulatory bodies in their industries and jurisdictions. Working remotely, you'll advise clients on best practices, develop work plans, harness resources, and ultimately drive engagements to completion.

This is a challenging role, but also an outstanding opportunity to join an accelerating startup in a position that’s crucial to the company’s continued success.

• Provide guidance and support to client organizations throughout their cybersecurity maturity journey, helping them to build robust cybersecurity roadmaps.
• Work with clients to design and implement right-sized cybersecurity controls in line with global industry, sector, and regulatory frameworks and standards.
• Collaborate with clients’ teams to develop and implement risk treatment methodologies and plans necessary to achieve and maintain their program compliance.
• Clearly articulate cybersecurity requirements to client organizations’ employees of all levels to ensure understanding and senior leadership sponsorship.
• Assist organizations with the review and update of existing security policies and procedures to align with evolving requirements and best practices in cybersecurity.
• Prepare detailed reports on the status of an organization's cybersecurity compliance. Prepare and deliver thoughtful, insightful, and professional presentations to clients and internal Malleum stakeholders.
• Keep abreast of the latest cybersecurity threats and trends, as well as updates to the relevant industry standards such as the CMMC framework.
• Achieve utilization targets, complete projects on time and budget, and meet quality standards.
• Study, learn, test, document, execute and seek to continuously improve scalable consulting services processes to effectively deliver customer engagements while achieving a high level of customer satisfaction.
• Execute project planning, scheduling, and other coordination of internal and client resources to conduct interviews, meetings, and presentations.
• Develop a thorough understanding of our solution and service offerings, sales process, marketing materials, contract and statement of work (SOW) structure, methodologies, delivery standards, work tools, and processes.
• Pursue additional education and stay current on best practices, technical skills, and tools related to the position's duties.

We’re looking for a star. As an ideal candidate you’re a natural consultant: driven, highly organized, autonomous and analytical, with outstanding communication and interpersonal skills, and the ability to quickly establish your credibility and build trusting relationships with clients.

You thrive under pressure, you learn fast, and your expertise stretches beyond typical GRC work into the implementation of cybersecurity controls to support clients’ continuous improvement efforts.

It is essential that you fulfill the requirements to acquire a SECRET level II security clearance.

• Post-secondary education in information technology, computer science, or equivalent combination of education and experience.
• 5-8 years of experience in IT security, risk management, or compliance.
• Current certification as a Registered Practitioner Advanced (RPA) or Registered Practitioner (RP) is an asset. The ability to achieve a Registered Practitioner (RP) credential under the CMMC version 2.0 framework is essential.
• In-depth knowledge of the CMMC framework, NIST SP 800-171, and DFARS 252.204-7012 regulations.
• Relevant professional certifications such as CISSP, CRISC, CISA, CISM, coupled with advanced knowledge of a range of cybersecurity technologies and solutions.
• Skilled and experienced in managing projects and leading consulting engagements, with a record of delivering exceptional value to clients.
• Experience with cybersecurity systems and infrastructure design and configuration is a significant asset.
• Superior communication and presentation skills with the ability to explain complex security concepts to non-technical staff.
• Exceptional client-service orientation, with the ability to build trust and develop rapport with a broad range of client stakeholders, including Defense Industrial Base compliance and information system professionals.
• Independent and autonomous, with the drive to seek out and leverage internal resources as needed, and proactively take ownership of their work and career development.
• Excellent analysis and problem-solving skills, especially in the information systems, security, and privacy space.
• Ability to learn new subject matter and context quickly and to maintain market and subject matter awareness.
• Ability to understand SOWs, customer proposals, project notes, deliverables, and final reports; assimilate previous experience, relevant subject matter, data, facts, and results; and develop relevant questions of colleagues to hasten understanding scenarios, methodologies, processes, and "lessons learned."