Information Security / GRC (Governance, Risk, and Compliance) Consultant

At PDI Technologies, we empower some of the world's leading convenience retail and petroleum brands with cutting-edge technology solutions that drive growth and operational efficiency. 
By “Connecting Convenience” across the globe, we empower businesses to increase productivity, make more informed decisions, and engage faster with customers through loyalty programs, shopper insights, and unmatched real-time market intelligence via mobile applications, such as GasBuddy.  We’re a global team committed to excellence, collaboration, and driving real impact. Explore our opportunities and become part of a company that values diversity, integrity, and growth.
Role Overview:An Information Security / GRC Consultant ensures that an organization's information systems are secure and compliant with internal policies and external regulations. They advise on best practices, develop security policies, and help with risk assessments and audits.

Core Responsibilities

• 
  
Risk Management
• Perform risk assessments and gap analyses
• Identify and prioritize vulnerabilities and threats
• Recommend mitigation strategies
Governance & Compliance
• Develop and implement IT governance frameworks
• Provide advisory services focused on compliance with regulations and standards including (but not limited to):
• HIPAA
• PCI-DSS
• SOX
• GLBA
• FISMA
• CMMC
Security Policy and Documentation
• Create and maintain security policies, procedures, and standards.
• Support the development of Business Continuity and Disaster Recovery Plans
Audit & Monitoring
• Prepare for internal and external audits.
• Support ongoing compliance reporting and evidence collection.
Advisory & Training
• Advise on cybersecurity investments and architecture
• Provide security awareness training
• Act as a liaison between technical teams and leadership

Skills and Qualifications

• 
  
Technical Knowledge:
• Familiarity with firewalls, intrusion detection/prevention, endpoint security, identity management
• Mastery of networking, operating system, and software development fundamentals
• Understanding of cloud security (AWS, Azure, GCP)
• Experience with tools like Nessus, Qualys, Splunk, Archer, ServiceNow GRC
Frameworks & Standards:
• NIST (800-53, CSF), ISO/IEC 27001
• CIS Critical Security Controls
• FedRAMP, HITRUST, SOC 2
Soft Skills:
• Strong communication and documentation skills
• Analytical thinking
• Ability to manage multiple stakeholders
• Results-oriented time management
Certifications:
• CISSP (Certified Information Systems Security Professional)
• CCSP (Certified Cloud Security Professional)
• CISA (Certified Information Systems Auditor)
• CRISC (Certified in Risk and Information Systems Control)
• CISM (Certified Information Security Manager)

PDI is committed to offering a well-rounded benefits program, designed to support and care for you, and your family throughout your life and career.  This includes a competitive salary, market-competitive benefits, and a quarterly perks program. We encourage a good work-life balance with ample time off [time away] and, where appropriate, hybrid working arrangements.  Employees have access to continuous learning, professional certifications, and leadership development opportunities. Our global culture fosters diversity, inclusion, and values authenticity, trust, curiosity, and diversity of thought, ensuring a supportive environment for all.