GRC CMMC Consultant jobs in United States
cer-icon
Apply on Employer Site
company-logo

InfoHedge Technologies LLC · 1 day ago

GRC CMMC Consultant

positionTampa, FL
timeFull-time
remoteOnsite
seniorityEntry, Mid Level
date2+ years exp

InfoHedge Technologies LLC is a rapidly growing technology solutions provider focusing on Cloud, Cyber Security, Networking, Disaster Recovery, and Managed Services. The GRC CMMC Consultant is a client-facing role responsible for building, managing, and maintaining cybersecurity compliance programs for clients, primarily in the government sector, ensuring they meet various compliance standards and frameworks.

Financial ServicesHedge FundsInformation Technology
badNo H1Bnote

Responsibilities

Participates in day-to-day operations and client engagement activities across various client projects involving compliance readiness and security assessments
Supports the Abacode GRC Service Delivery team with conducting on-going and new assessments of controls, processes, and procedures across multiple clients and compliance standards: NIST 800-171 (CMMC), SOC 2, ISO 27001, HIPAA, PCI DSS, NIST CSF and CIS
Supports clients with maintaining compliance with such frameworks by guiding them through control execution and evidence collection and review
Supports compliance, policy, procedural, and technical review of client information security and/or compliance program(s), providing maturity and improvement recommendations based on experience and industry best practices
Performs security controls gap analysis and identification based on compliance mandates, standards, and security benchmarks
Documents security controls inventory of client systems within the GRC portals
Conducts general cybersecurity Risk Assessments
Provides tactical guidance aimed at helping clients meet compliance requirements across applicable security standards and frameworks
Performs audit liaison activities, guiding and assisting clients with audit preparation, evidence identification and gathering, and responding to audit questions
Manages compliance requirements across multiple clients in parallel
Works with clients to identify opportunities for improvement for client’s security controls
Builds internal company partnerships and collaborates with team leaders to determine the company's services, delivery criteria, and solutions for issues that may arise
Supports evidence collection for internal Abacode/Thrive audits
Identifies and makes suggestions for improvements when problems and/or opportunities arise
Keeps up to date with developments in the cybersecurity, privacy, and GRC areas of specialization

Qualification

NIST 800-171SOC 2ISO 27001CMMCHIPAAPCI DSSRisk AssessmentsProject ManagementClient EngagementInterpersonal SkillsCommunication SkillsTeam PlayerSelf-Motivated

Required

Bachelor's Degree in related field or relevant work experience
2-4 years of experience conducting and documenting security risk assessments
Experience working in a client-facing consulting or service delivery capacity
Experience managing multiple clients/projects in parallel
Demonstrated understanding of control frameworks and regulatory requirements for NIST 800-171, NIST-CSF, SOC-2, and ISO 27001
Good understanding of the Department of Defense CMMC ruling and implications for the Defense Industrial Base
Proven ability to assess risks and controls and identify opportunities for improvement
Excellent written and verbal communication skills along with excellent interpersonal skills. Able to communicate confidently in a clear, concise, and articulate manner - verbally and written in the documentation produced
Self-motivated, positive attitude, and a team player
Ability to work independently and with minimal supervision

Preferred

Experience with general project management and customer success/service is strongly desired
Preferred experience with: HIPAA, PCI-DSS
Preferred prior experience working with GRC systems/tools
Preferred prior experience with general IT and Security auditing
Broad knowledge of information technology (basic networking principles), information security (such as identity and access management), and critical data protection practices (basic principles of encryption and sensitive data protection) is highly desirable

Company

InfoHedge Technologies LLC

twittertwitter
company-logo
InfoHedge Technologies is a premier Infrastructure-as-a-Service (“IaaS”) Managed Service Provider (“MSP”) to financial services community.
dateFounded in 2005
location
New York, New York, USA
people-size51-200 employees
web-link
https://www.infohedge.net

Funding

Current Stage
Growth Stage
Total Funding
unknown
2018-07-11Acquired
Company data provided by crunchbase