By Light Professional IT Services

GRC Consultant

Job Locations US-MD-Hanover
Posted Date 5 days ago (3/23/2020 2:04 PM)
# of Openings
Information Technology


By Light’s cybersecurity team, EmberSec, is hiring a full-time GRC Consultant to support the GRC practice. The GRC Consultant will play a critical role in guiding the assessment team in its duties of conducting/validating controls, running vulnerability scans, and producing reports and control write-ups. They will also be a key member of the GRC team that works with various clients, advising on data protection strategies, tooling, and overall cloud compliance and security. This position will be fast-paced, hands-on and customer-focused. The qualified candidate must possess technical proficiency, have the ability to think outside the box for operational success, and be comfortable interfacing with customers and team members across all business programs.


  • Serve as an Assessor and as a Trusted Advisor
  • Assess cyber-related policy, procedures, legislation, and implementation directives
  • Assess and/or remediate compliance with industry statutes and regulations across multiple industries that are relevant to IT (e.g. HITRUST, FedRAMP, NIST, etc.)
  • Develop and operationalize enterprise information security programs and related components
  • Perform information risk, security and related compliance assessments, including testing of related controls
  • Conduct on-site client engagements
  • Initiate and manage multiple projects concurrently
  • Collaborate with partners and customers to identify information systems and networks in scope for assessments
  • Cultivate knowledge of up-to-date cybersecurity protocols through participation in industry events, seminars, blogs, and membership in professional associations
  • Provide guidance on the administration and maintenance of security systems infrastructure, applications, devices, tools and software services in the cloud.

Required Experience/Qualifications

  • Seven or more (7+) years in IT networking, risk, compliance and security
  • 3+ years of experience conducting audit risk style assessments, either internal or external
  • Bachelor's degree (four-year college or university) in IT security or cybersecurity
  • Ability to comfortably interact with senior management and clients in a consultative manner
  • Knowledge and awareness of the latest information risk, security and compliance innovations, trends, challenges and solutions
  • Exposure to industry-acclaimed information governance, risk and security standards, frameworks and best practices (e.g. HITRUST, NIST, FedRAMP, etc.)
  • Excellent customer service and project management skills
  • Experience in IT security audit and compliance
  • Basic knowledge of a scripting language (e.g. PowerShell, Python, etc.)
  • Knowledge of configuring and running vulnerability scanning tools (e.g. Nessus, Rapid7, CloudCheckr)
  • Knowledge of threat modeling and application processes
  • Knowledge of networking and security operations (on-premises and cloud)
  • Demonstrated entrepreneurial abilities, client focus, industry savvy, and the ability to work independently or as part of a collaborative team
  • Knowledge of information security related solutions, tools and automation
  • Ability to present or lead technical presentations and discussions
  • Able to produce and build department best practices, procedures and methodologies for improving GRC practice
  • Advanced written and verbal communication skills
  • Strong analytical and interpersonal characteristics
  • Ability to work both independently and collaboratively
  • Strong consistency in values, principles, and work ethic
  • Self-driven in a remote working environment, motivation to continuously improve your skillset
  • Ability to travel up to 50%.

Preferred Experience/Qualifications

  • Experience providing guidance on the administration and maintenance of security systems infrastructure, applications, devices, tools and software services in the cloud
  • HITRUST, CISA, GIAC, or CRISC certification(s) or willingness to obtain
  • DevSecOps knowledge or the willingness to learn
  • AWS, Azure, Google Cloud Platform certification(s) and/or the willingness to obtain.

