GRC Advisory Consultant

Orion Innovation is a premier, award-winning, global business and technology services firm.  Orion delivers game-changing business transformation and product development rooted in digital strategy, experience design, and engineering, with a unique combination of agility, scale, and maturity.  We work with a wide range of clients across many industries including financial services, professional services, telecommunications and media, consumer products, automotive, industrial automation, professional sports and entertainment, life sciences, ecommerce, and education.

Expand the Governance, Risk and Compliance Security Consulting Practice. Successful candidates will provide our clients with guidance pertaining to security and privacy regulatory and industry standard requirements, security risk assessments, and GRC consulting.

Key job responsibilities will include:
• Leading vendor risk management engagements and formalized risk analysis engagements.
• Lead and guide information risk and security discussions with technical and non-technical groups
• Identify enterprise information security and compliance related problems and challenges; research and develop technical solutions to rectify them
• Develop and operationalize enterprise information security programs and related components
• Analyze client security programs for maturity and performance relating to industry accepted best practices.
• Develop recommendations for remediating risk and compliance gaps
• Evaluate information security risk in for business environment controls and industry requirements
• Provide client guidance for information security best practices.
• Follow standard methodologies for evaluating industry security controls based on formulized security frameworks.
• Execute in high demanding, fast paced environments with tight deadlines.
• Draft deliverable documentation to meet client security needs
• Create security roadmaps for client security program development and improvement.


Required Qualifications
• BA/BS in information technology or related field preferred
• 5-7 years of experience in security governance, risk assessments and regulatory/controls experience
• CISM, or CISA certification a plus
• Solid understanding of the evolving security and privacy controls environment, regulatory landscape and risk management techniques, principles and practices
• CISSP certification
• Assess clients against a wide variety of security and compliance frameworks including State based privacy and security regulations, SOX, GDPR, NIST-CSF, ISO/27001/2
• Experience and firm understanding of the development and implementation of information security policies, standards and related procedures for security programs
• Ability to provide risk-based recommendations based upon the size and complexity of the client’s organization
• Strong interpersonal and customer relationship skills
• Strong presentation skills with ability to convey ideas at the C-Level.
• Written communication skills for use in preparing formal documentation including deliverables, Statements of Work, proposals, white papers, and case studies
• Verbal skills that include the ability to clearly articulate thoughts, be persuasive and to deliver presentation and training to all levels of management
• Ability to undertake and complete tasks independently, meet schedules and delivery timelines, and to move swiftly from concepts and theory to action
• Ability to interface with C-levels, as well as tactical implementers
• Strong investigative and analysis skills with the ability to handle confidential information


Additional Qualifications
• Consulting experience is a plus
• Privacy experience a plus
• Understanding of available security tools and technologies
• Experience with Archer, OneTrust, Alyne or similar software

Orion is an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, gender identity or expression, pregnancy, age, national origin, citizenship status, disability status, genetic information, protected veteran status, or any other characteristic protected by law.

Candidate Privacy Policy

Orion Systems Integrators, LLC and its subsidiaries and its affiliates (collectively, “Orion,” “we” or “us”) are committed to protecting your privacy. This Candidate Privacy Policy (orioninc.com) (“Notice”) explains:

• What information we collect during our application and recruitment process and why we collect it;
• How we handle that information; and
• How to access and update that information.

Your use of Orion services is governed by any applicable terms in this notice and our general Privacy Policy.