Senior Associate Consultant - Regulatory Compliance
Quick Summary
AHEAD builds platforms for digital business. By weaving together advances in cloud infrastructure, automation and analytics, and software delivery,
We are seeking a Consultant specializing in Security Governance, Risk, and Compliance (GRC) with a strong focus on security compliance assessments, particularly against NIST frameworks. This role requires a combination of security and consulting subject matter expertise, and client-facing communication skills to deliver high-quality solutions tailored to each client’s unique security and compliance needs.
The ideal candidate will be proactive, detail-oriented, and capable of independently driving workstreams while contributing to the broader success of client engagements. This is a challenging yet rewarding role that provides an opportunity to work with a diverse set of clients across multiple industries.
- Apply compliance frameworks (e.g., NIST, ISO, etc.) to assess, design, and implement security controls for enterprise environments.
- Conduct compliance gap assessments, develop remediation plans, and guide clients through audit readiness processes.
- Create and maintain key documentation such as risk assessments, controls mapping, compliance roadmaps, and policies tailored to client needs.
- Ensure alignment with regulatory requirements and standards, such as NIST, CMMC, ISO 27001, or SOC 2, based on the engagement scope.
- Stay informed of evolving compliance frameworks, regulatory changes, and security best practices to provide clients with up-to-date and actionable recommendations.
- Support clients in developing and maturing their GRC programs, with an emphasis on measurable security improvement and compliance sustainability.
- Manage and run defined workstreams with minimal oversight, ensuring continuity and success across client engagements.
- Maintain workstream RAID documentation (Risks, Assumptions, Issues, Dependencies) and proactively mitigate risks to keep projects on track.
- Communicate project status, risks, and decisions clearly and effectively to clients, ensuring transparency and alignment.
- Produce client-ready drafts of deliverables with minimal rework, adhering to professional quality standards.
- Leverage QA checklists and processes to identify issues early and ensure consistency across deliverables.
- Analyze tradeoffs, present options, and provide well-reasoned recommendations, escalating challenges along with proposed solutions when necessary.
- Independently sustain progress on client engagements during critical periods, maintaining momentum for up to 5–10 business days if required.
- Contribute to client knowledge transfer and training efforts, ensuring operational teams are equipped to maintain compliance post-engagement.
- Undergraduate technical degree in Engineering, Computer Science, IT Management, Cybersecurity, or related field preferred, but not required.
- Minimum of 4–6 years’ professional, relevant experience, with at least 2 years in a client-facing role.
- 1–2 professional and/or technical certifications in IT security, cloud security, or application security (e.g., CompTIA Security+, ISC2 CC, etc.).
- Solid understanding of common compliance frameworks (e.g., NIST, ISO, CMMC, etc.) and their application in enterprise environments.
- Strong technical knowledge of what good evidence looks like for assessments beyond policy and procedure language. A technical assessment will be performed during the interview process to confirm this critical skill.
- Knowledge of cybersecurity technologies (e.g., SIEM, vulnerability management, endpoint security) and their integration with compliance mandates.
- Hands-on experience with tools and platforms supporting GRC workflows (e.g., Archer, ServiceNow GRC, or similar).
- Excellent verbal and written communication skills (high proficiency in Microsoft Office Suite required).
- Comfortable addressing and presenting to groups in virtual or in-person settings.
- Strong problem-solving abilities, capable of addressing complex and abstract challenges.
- Exceptional interpersonal skills, with the ability to connect and collaborate with diverse personalities and stakeholders.
Listing Details
- Posted: March 20, 2026
- First seen: March 27, 2026
- Last seen: April 24, 2026
Posting Health
- Days active: 28
- Repost count: 0
- Trust Level: 51%
- Scored at: April 25, 2026