UST · 1 month ago
Cybersecurity & Compliance Consultant
UST is a mission-driven technology company that transforms lives through innovation. They are seeking a Cybersecurity & Compliance Consultant to guide clients in enhancing security measures, ensuring compliance, and implementing frameworks through consulting, audits, and risk management activities.
Consulting · Information Services · Information Technology
Responsibilities
Lead consulting engagements across cybersecurity, risk management, and compliance domains
Advise clients on best practices, improvement strategies, and implementation approaches aligned with recognized standards
Translate regulatory and technical requirements into clear, actionable recommendations
Independently conduct internal audits and GAP analyses aligned with: ISO 27001, ISO 22301, ISO 27701, NIST CSF 2.0, DORA, NIS2, ENS, and other frameworks
Identify non-conformities and provide structured remediation plans
Prepare client-ready audit reports, risk registers, and compliance roadmaps
Facilitate and execute risk assessments (AARR, BIAs) across business processes and information systems
Apply methodologies such as ISO 31000, Magerit v3, and COSO to evaluate and treat risks
Support clients in adopting formal risk management practices
Review technical assessments to identify vulnerabilities and recommend mitigation strategies
Support cybersecurity initiatives including control implementation, incident response planning, and awareness programs
Validate security controls and document evidence of compliance
Serve as a primary point of contact for clients throughout engagements
Communicate technical requirements, project progress, findings, and recommendations clearly and effectively
Deliver presentations, training sessions, and executive briefings tailored to diverse audiences
Develop and maintain client documentation including policies, procedures, standards, and process guides
Ensure high-quality, audit-ready documentation for all consulting deliverables
Coordinate evidence collection efforts across client teams during audit and compliance activities
Qualification
Required
4+ years of experience in cybersecurity consulting, audits, compliance, or risk management
Expertise and/or certification in ISO 27001 (mandatory)
Working knowledge of international standards such as: ISO 22301, ISO 27701, ISO 27005, ENS, ISO 42001, NIST CSF 2.0, SOC 2, GDPR, DORA, NIS2, CMMC 2.0
Strong proficiency in risk assessment methodologies (ISO 31000, Magerit v3, COSO)
Experience with cybersecurity technologies such as firewalls, DLP, IDS/IPS, EDR, and other protection solutions
Experience supporting or participating in incident response activities
Excellent verbal and written communication skills in English
Bachelor's degree in Computer Engineering, Telecommunications, or a related field; Master's in Cybersecurity preferred
Preferred
CISM
CISSP
CISA
ISO/IEC 27001 Lead Auditor or Lead Implementer
Benefits
Fourteen (14) days of vacation beginning on the date of hire
Vacation premium
Ten (10) paid holidays
A Christmas Bonus of thirty (30) days’ pay
Monthly Food Vouchers
Saving Fund
Health insurance
Dental, disability and life insurance plans
Four (4) days of personal time off per year
Up to three (3) days of paid medical leave per year
Up to three (3) days of paid bereavement leave per year
Company
UST
UST is a Digital Transformations Solutions Provider.
Funding
Current Stage: Late Stage
Total Funding: $250M
Key Investors: Temasek Holdings
2018-06-27 · Private Equity · $250M
Company data provided by crunchbase