GRC Manager

Corvid Cyberdefense is searching for qualified candidates for a GRC Manager position. As a GRC (Governance, Risk, and Compliance) Manager at our innovative Managed Security Services Provider (MSSP), you will play a pivotal role in guiding organizations through the complexities of cybersecurity compliance. This client-facing position offers the opportunity to lead readiness assessments, interpret and apply various compliance frameworks, and ensure that our clients not only meet regulatory requirements but also achieve a robust security posture.

Role responsibilities include the following:

• Lead Readiness Assessments: Conduct comprehensive evaluations of clients' compliance status against key frameworks such as NIST, CMMC, HIPAA, and SOC 2, ensuring they are fully prepared for audits and ongoing compliance.
• Strategically Align Services: Utilize our cutting-edge MSSP tools to gather evidence and align our services with compliance requirements, demonstrating how our solutions enhance both compliance and security.
• Develop and Implement Policies: Craft and refine internal and client-facing policies and procedures that set the standard for sustainable, long-term compliance.
• Perform Advanced Risk Assessments: Apply your expertise in the NIST Risk
• Management Framework to conduct detailed risk assessments, identify vulnerabilities, and recommend actionable mitigation strategies.
• Build Lasting Compliance Programs: Work closely with clients to develop robust, enduring compliance programs that integrate seamlessly with their operational environment, fostering a culture of continuous improvement and security.
• Interface with Governing Bodies: Serve as a trusted advisor and liaison between clients and governing bodies, ensuring all communications and submissions are accurate, timely, and strategically aligned with the client’s objectives.

Qualifications:

• Experience in cybersecurity compliance, ideally with exposure to MSSP environments.
• Familiarity with compliance frameworks such as NIST, CMMC, HIPAA, and SOC 2.
• Experience in policy writing, evidence generation, and risk assessments.
• Understanding of the NIST Risk Management Framework and the ability to apply it to real-world scenarios.
• Certifications such as CISA, CISSP or CISM are preferred but not required. Experience will be prioritized over formal education or certifications.

Experience Requirements:

• Experience Level: 4-8 years of experience in cybersecurity compliance, risk management, or a related field.
• Client and Program Management: Proven experience managing client relationships or overseeing programs, including making strategic decisions that align with client needs and organizational goals.
• Autonomy: Ability to work independently, take ownership of projects, and drive them to completion with minimal supervision.
• Skill Proficiency: Strong ability to interpret and apply compliance frameworks, conduct risk assessments, and generate evidence. Capable of clearly explaining complex compliance concepts to clients.
• Problem-Solving: Skilled in identifying and resolving compliance challenges, optimizing processes, and enhancing evidence generation strategies.

Benefits:

• Paid gym membership
• Blue Cross Blue Shield insurance including Medical, Dental and Vision
• 401k match up to 6%
• Three weeks starting PTO; increasing with tenure
• Continued education and training opportunities
• Flexible Schedules

Why Corvid Cyberdefense?

We are a forward-thinking Managed Security Services Provider (MSSP) dedicated to delivering security solutions that are as unique as our clients. Our mission is to provide more than just compliance—we aim to foster a culture of security that empowers organizations to thrive in an increasingly complex digital landscape.

Our approach is holistic, integrating the latest in security technology with industry expertise to create solutions that are not only compliant but also secure and resilient. We believe in building partnerships with our clients, working closely with them to understand their unique challenges and providing tailored services that meet their specific needs.

Our Cybersecurity Compliance Department is at the heart of this mission. We don’t just help clients tick boxes; we help them build sustainable, long-term compliance programs that support their business goals. From readiness assessments and policy development to risk management and audit preparation, we’re with our clients every step of the way, ensuring they have the tools and knowledge to succeed.