
Cybersecurity (GRC) Consultant

Mead & Hunt, Inc
vision insurance, parental leave, paid time off, sick time, 401(k)
United States, Texas, Dallas
5001 Lyndon B Johnson Freeway
May 20, 2025

Position Summary: We are seeking a Senior Cybersecurity GRC Consultant specializing in Governance, Risk, and Compliance (GRC), ideally with a background progressing from IT operations into cybersecurity. This individual will leverage a minimum of 5 years of cybersecurity experience and at least 2 years of project management experience to drive key security initiatives. The role demands a strong ability to interpret and apply cybersecurity control frameworks (NIST, CIS, ISO) to develop practical security policies, inform strategic planning, and implement robust GRC programs across diverse technical environments (cloud, on-premises, identity management). The Consultant will be collaborating extensively with clients both virtually and through required on-site travel to conduct thorough cyber risk assessments, collect baseline metrics, attend meetings, evaluate compliance, advise on mitigation, and manage related projects. Experience with security tools (SIEM, EDR, etc.) and developing reporting metrics is essential. Proven project management skills are required to successfully manage multiple concurrent IT, cybersecurity, and GRC initiatives.

Essential Duties & Responsibilities:

  • Implement, manage, and assess security controls, policies, and standards based on NIST, CIS, ISO, and other relevant frameworks, aligning with business objectives and regulatory requirements.
  • Lead and conduct comprehensive cybersecurity risk assessments.
  • Manage and mature Governance, Risk, and Compliance (GRC) processes, including defining control ownership, continuous monitoring, testing, automation, and reporting.
  • Provide guidance on risk mitigation strategies, remediation activities, and compliance requirements (e.g., PII, PCI DSS, CJIS).
  • Manage the full lifecycle of multiple IT, cybersecurity, and GRC projects concurrently, including planning, execution, resource coordination, stakeholder communication, and ensuring timely delivery within scope.
  • Review security platforms (e.g., SIEM, EDR, GRC tools) to support assessment, monitoring, and reporting activities.
  • Deliver and maintain cybersecurity metrics, dashboards, and evidence artifacts for management and stakeholders, documenting control gaps and remediation progress.
  • Develop and deliver cybersecurity training, table-tops, workshops, and awareness materials for the internal Cybersecurity and GRC team.
  • Collaborate effectively with client IT operations, internal stakeholders, and clients (both remotely and in-person during site visits) to ensure effective implementation and understanding of security controls and policies.

Education Requirements:

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field, and equivalent and 5 years of demonstrated practical experience AND a minimum of 2 years of direct experience managing multiple IT, cybersecurity, and/or GRC projects concurrently, demonstrating successful delivery.
    OR
  • Minimum 9 years of hands-on experience in cybersecurity; demonstrating progression from IT operations is highly desirable, with a minimum of 2 years of direct experience managing multiple IT, cybersecurity, and/or GRC projects concurrently, demonstrating successful delivery.

Qualifications/Requirements:

  • Stay current with emerging threats, vulnerabilities, and applicable regulations.
  • Proven expertise in applying NIST, CIS, and/or ISO control frameworks to technical environments including cloud services (e.g., AWS, Azure, GCP), on-premises networks and systems, and identity management solutions.
  • Demonstrated experience performing comprehensive cybersecurity risk assessments and developing actionable recommendations.
  • Solid understanding of security data analysis and experience with tools such as SIEM.
  • Familiarity with the roles and services provided by Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs).
  • Ability and willingness to travel regularly to client locations within the United States and abroad.

Preferred Qualifications:

  • Airport or national critical infrastructure experience.
  • Relevant project management certification (e.g., PMP, PRINCE2).
  • Relevant security certifications (e.g., CISSP, CISA, CRISC, CISM).
  • Experience with specific GRC platforms (e.g., ServiceNow GRC, Archer, OneTrust).
  • Understanding of Disaster Recovery and Business Continuity (DR/BC) frameworks and processes.
  • Fluency in Spanish (Bilingual).


Working Conditions:

  • Requires regular travel (estimated 25-40%) to client sites across the U.S. and abroad for activities including risk assessments, tabletops, workshops, client meetings, and baseline data collection/current state analysis.
  • Able to manage multiple priorities and deadlines effectively.

At Mead & Hunt we shape the future by putting people first. If you have strong communication and organizational skills, are self-motivated, and can work well both independently and as part of a team, we can help you grow your career working with industry experts on exciting projects. Complete the online application at www.meadhunt.com/careers if this matches your career goals.


Why Mead & Hunt?

  • Strong Company Culture
  • Robust Career Advancement, Training, & Growth Opportunities
  • Employee-Owned Firm
  • Flexible Schedules
  • Diverse Skillsets, One Company
  • Impressive Benefits Package


Mead & Hunt proudly offers medical, dental, and vision insurance, paid time off, paid sick leave, parental leave, a 401K plan with a generous company match, life and disability insurance, and an employee assistance program.

Salary Range: $110,000 to $140,000 - Actual compensation may vary due to other factors such as: experience, skill set or location.
