Job Description

Senior GRC Consultant

Location: New Jersey (Twice or Thrice a week visit to Midtown Manhattan)

Start Date: ASAP

Role Summary

The Senior GRC Consultant will support the Client's Governance, Risk, and Compliance (GRC) function with a focus on audit readiness, compliance program execution, and third-party risk management (TPRM). The role requires solid hands-on experience in security audits, regulatory compliance, and vendor risk processes, with the ability to engage confidently with internal stakeholders, external auditors, and third-party vendors.

Key Responsibilities

Audit & Compliance

• Coordinate and support external audits and regulatory assessments (SOC 1, SOC 2, SOX 404, ISO, NIST, HITRUST, FedRAMP, StateRAMP).
• Conduct evidence collection, validation, and mapping against control requirements.
• Support IT General Controls (ITGC) and application control testing.
• Develop and maintain compliance dashboards, audit documentation, and management reports.
• Facilitate meetings with external auditors to review scope, evidence, findings, and reports.

Third-Party Risk Management (TPRM)

• Manage vendor risk assessment processes, including onboarding due diligence and periodic reassessments.
• Review third-party SOC reports, security questionnaires, certifications, and regulatory attestations.
• Document and track third-party risks with business owners and monitor remediation activities.
• Maintain vendor risk registers and prepare periodic management reporting.
• Provide advisory input on TPRM framework improvements and regulatory alignment.

Advisory Support

• Recommend enhancements to governance structures, control frameworks, and compliance processes.
• Provide insights on emerging regulatory and industry trends.
• Participate in governance forums and service reviews, offering strategic input on long-term compliance objectives.

Required Qualifications

• 5+ years of combined experience in audit, compliance, and/or TPRM functions.
• Strong knowledge of compliance frameworks such as SOC 1, SOC 2, SOX 404, ISO, NIST, HITRUST, FedRAMP, and StateRAMP.
• Proven experience in third-party risk management, including vendor due diligence and ongoing monitoring.
• Strong documentation and reporting skills (dashboards, risk registers, audit reports).
• Excellent verbal and written communication skills with ability to lead discussions with auditors, regulators, and vendors.

Education & Certifications

• Bachelor's degree in Accounting, Computer Science, Business Administration, or related field (or equivalent).
• Certifications (completed or in progress) such as CISA, CPA, CIA, CFE

Nice-to-Have

• Experience supporting compliance programs in financial services or healthcare sectors.
• Familiarity with GRC or TPRM tooling (e.g., Archer, ServiceNow GRC, OneTrust, ProcessUnity).
• Hands-on experience with risk assessment methodologies (ISO 27005, NIST RMF).

Job Tags

Similar Jobs