Information Security/GRC Consultant

Alpharetta, GA

PDI Technologies

PDI Technologies helps fuel and convenience businesses increase productivity, profitability, loyalty, and security by Connecting Convenience. 

At PDI Technologies, we empower some of the world's leading convenience retail and petroleum brands with cutting-edge technology solutions that drive growth and operational efficiency.

By “Connecting Convenience” across the globe, we empower businesses to increase productivity, make more informed decisions, and engage faster with customers through loyalty programs, shopper insights, and unmatched real-time market intelligence via mobile applications, such as GasBuddy. We’re a global team committed to excellence, collaboration, and driving real impact. Explore our opportunities and become part of a company that values diversity, integrity, and growth.

Role Overview

The Information Security / GRC Consultant ensures that an organization's information systems are secure and compliant with internal policies and external regulations. They advise on best practices, develop security policies, and help with risk assessments and audits. Where relevant, the Information Security / GRC Consultant interfaces with other members of the client organization’s information technology and risk management teams to aid in the effective development and execution of the organization’s GRC program.

This role requires a confident, competent mastery of the subject matter, steadfast commitment to customer success, and an empathetic, reasoned approach to all interactions.

Key Responsibilities

  • Risk Management: Perform risk assessments and gap analyses; identify and prioritize vulnerabilities and threats; recommend mitigation strategies.
  • Governance & Compliance: Develop and implement IT governance frameworks; provide advisory services focused on compliance with regulations and standards including (but not limited to): HIPAA, PCI-DSS, SOX, GLBA, FISMA, CMMC.
  • Security Policy and Documentation: Create and maintain security policies, procedures, and standards; support the development of Business Continuity and Disaster Recovery Plans.
  • Audit & Monitoring: Prepare for internal and external audits; support ongoing compliance reporting and evidence collection.
  • Advisory & Training: Advise on cybersecurity investments and architecture; provide security awareness training; act as a liaison between technical teams and leadership.

Required Qualifications

  • Technical Knowledge:
      • Familiarity with firewalls, intrusion detection/prevention, endpoint security, identity management
      • Mastery of networking, operating system, and software development fundamentals
      • Understanding of cloud security (AWS, Azure, GCP)
      • Experience with tools like Nessus, Qualys, Splunk, Archer, ServiceNow GRC
  • The Ability to Speak to the Following Frameworks & Standards:
      • NIST (800-53, CSF), ISO/IEC 27001
      • CIS Critical Security Controls
      • FedRAMP, HITRUST, SOC 2
  • Soft Skills:
      • Strong communication and documentation skills
      • Analytical thinking
      • Troubleshooting acumen
      • Ability to manage multiple stakeholders
      • Results-oriented time management
  • Education and Experience:
      • Three or more years in a consulting or advisory role related to information security
      • A bachelor's degree in a related field or equivalent experience
      • Industry-recognized, maintained information technology and/or security certification(s) (e.g. CISSP, CISA, CCSP, ITIL)

Preferred Qualifications

  • While all credentials listed above will be reviewed, added consideration will be given to those with leadership experience, education, and/or certifications (e.g. CISM, CRISC, C|CISO).

PDI is committed to offering a well-rounded benefits program, designed to support and care for you and your family throughout your life and career. This includes a competitive salary, market-competitive benefits, and a quarterly perks program. We encourage a good work-life balance with ample time off [time away] and, where appropriate, hybrid working arrangements. Employees have access to continuous learning, professional certifications, and leadership development opportunities. Our global culture fosters diversity and inclusion, and values authenticity, trust, curiosity, and diversity of thought, ensuring a supportive environment for all.

Tags: Audits AWS Azure C CCSP CISA CISM CISO CISSP Cloud CMMC Compliance CRISC Endpoint security FedRAMP Firewalls FISMA GCP GLBA Governance HIPAA HITRUST Intrusion detection ITIL Monitoring Nessus NIST NIST 800-53 Qualys Risk assessment Risk management SOC SOC 2 SOX Splunk Vulnerabilities

Perks/benefits: Career development Competitive pay

Region: North America
Country: United States
