GRC CMMC Consultant jobs in United States

Thrive · 5 days ago

GRC CMMC Consultant

Thrive is a rapidly growing technology solutions provider focusing on Cloud, Cyber Security, Networking, Disaster Recovery, and Managed Services. The GRC CMMC Consultant is a client-facing role responsible for building, managing, and maintaining cybersecurity compliance programs for clients, primarily in the government sector. This role involves conducting assessments, supporting compliance efforts, and providing tactical guidance to help clients meet their cybersecurity and privacy framework requirements.

Cloud Computing, Cyber Security, Information Technology, Outsourcing

Responsibilities

Participates in day-to-day operations and client engagement activities across various client projects involving compliance readiness and security assessments
Supports the Abacode GRC Service Delivery team in conducting ongoing and new assessments of controls, processes, and procedures across multiple clients and compliance standards: NIST 800-171 (CMMC), SOC 2, ISO 27001, HIPAA, PCI DSS, NIST CSF and CIS
Supports clients with maintaining compliance with such frameworks by guiding them through control execution and evidence collection and review
Supports compliance, policy, procedural, and technical review of client information security and/or compliance program(s), providing maturity and improvement recommendations based on experience and industry best practices
Performs security controls gap analysis and identification based on compliance mandates, standards, and security benchmarks
Documents security controls inventory of client systems within the GRC portals
Conducts general cybersecurity Risk Assessments
Provides tactical guidance aimed at helping clients meet compliance requirements across applicable security standards and frameworks
Performs audit liaison activities, guiding and assisting clients with audit preparation, evidence identification and gathering, and responding to audit questions
Manages compliance requirements across multiple clients in parallel
Works with clients to identify opportunities to improve the client's security controls
Builds internal company partnerships and collaborates with team leaders to determine the company's services, delivery criteria, and solutions for issues that may arise
Supports evidence collection for internal Abacode/Thrive audits
Identifies and makes suggestions for improvements when problems and/or opportunities arise
Keeps up to date with developments in the cybersecurity, privacy, and GRC areas of specialization

Qualification

NIST 800-171, SOC 2, ISO 27001, CMMC, Risk Assessments, Client-facing Consulting, Project Management, GRC Systems/Tools, Communication Skills, Interpersonal Skills, Team Player

Required

Bachelor's Degree in related field or relevant work experience
2-4 years of experience conducting and documenting security risk assessments
Experience working in a client-facing consulting or service delivery capacity
Experience managing multiple clients/projects in parallel
Experience with general project management and customer success/service is strongly desired
Demonstrated understanding of control frameworks and regulatory requirements for NIST 800-171, NIST-CSF, SOC-2, and ISO 27001
Good understanding of the Department of Defense CMMC ruling and implications for the Defense Industrial Base
Proven ability to assess risks and controls and identify opportunities for improvement
Excellent written and verbal communication skills along with excellent interpersonal skills. Able to communicate confidently in a clear, concise, and articulate manner, both verbally and in the written documentation produced
Broad knowledge of information technology (basic networking principles), information security (such as identity and access management), and critical data protection practices (basic principles of encryption and sensitive data protection)
Self-motivated, positive attitude, and a team player
Ability to work independently and with minimal supervision

Preferred

Preferred experience with: HIPAA, PCI-DSS
Preferred prior experience working with GRC systems/tools
Preferred prior experience with general IT and Security auditing

Company

Thrive

Thrive Networks is an outsourced IT provider with an outstanding record of success achieved for its clients.

Funding

Current Stage: Late Stage
Total Funding: $17.17M
2025-01-14: Private Equity
2023-09-19: Seed · $0.56M
2016-12-07: Acquired

Leadership Team

Bill McLaughlin
Chief Executive Officer & Board Member
Kevin Kivlochan
CEO European Operations
Company data provided by crunchbase