Grc Consultant

Job Statement:

NopalCyber makes cybersecurity manageable, affordable, reliable, and powerful for companies that need to be resilient and compliant. Managed extended detection and response (MXDR), attack surface management (ASM), breach and attack simulation (BAS), and advisory services fortify your cybersecurity across both offense and defense. AI-driven intelligence in our Nopal360 platform, our NopalGo mobile app, and our proprietary Cyber Intelligence Quotient (CIQ) lets anyone quantify, track, and visualize their cybersecurity posture in real-time. Our service packages, which are each tailored to a clients needs and budget, and external threat analysis, which provides critical intelligence at no-cost, help to democratize cybersecurity by making enterprise-grade defenses and security operations available to organizations of all sizes. NopalCyber lowers the barrier to entry while raising the bar for security and service.

We are looking for a detail-oriented and proactive GRC professional with hands-on experience in SOC 2 Type 1 and Type 2, NIST CSF, NIST SP and ISO 27001 controls.

Job Responsibilities:

• Lead and support the implementation, maintenance, and continuous improvement of information security compliance programs, specifically focusing on SOC 2 Type 1 and Type 2, NIST Cybersecurity Framework (CSF), NIST Special Publications (SP , and ISO 27001.
• Develop, review, and update security policies, procedures, and guidelines to align with relevant compliance frameworks and regulatory requirements.
• Conduct risk assessments and gap analyses against SOC 2, NIST, and ISO 27001 controls to identify areas for improvement and ensure audit readiness.
• Prepare and compile documentation, evidence, and responses for audit requests efficiently and accurately.
• Support the identification, assessment, and mitigation of information security risks in accordance with established risk management frameworks (e.g., NIST RMF).
• Contribute to risk assessments and business impact analysis.
• Maintain comprehensive documentation of security controls, compliance activities, and remediation plans.
• Prepare regular reports on compliance status, key metrics, and areas of concern for management and stakeholders.
• Perform comprehensive third-party risk assessments to evaluate vendor compliance with information security policies.
• Develop and maintain TPRM processes to monitor and mitigate risks associated with external vendors.
• Ensure effective communication and documentation of third-party risk assessments.
• Assist in drafting and updating organizational policies and procedures for governance and compliance.

Job Specifications:

1. Qualification:

2. Bachelors degree in Engineering or closely related coursework in technology development disciplines

3. Certifications Security+, CEH, ISO 27001 Lead Implementer/Lead Auditor, CISA, CISM (good to have, but not mandatory)

4. Experience:

5. Total Experience (2): 2-4 years

6. Seniors: 5 to 8 years

Knowledge and Experience:

• Demonstrable experience with the implementation and/or auditing of SOC 2 Type 1 and Type 2.
• Solid understanding and practical experience with NIST Cybersecurity Framework (CSF) and NIST Special Publications (e.g., SP
• Knowledge of various security domains such as network security, application security, data privacy, and vulnerability management.
• Strong understanding of information security principles and related compliance controls. Ability to articulate the relevance of the security controls
• Experience in delivery of Information Security risk and compliance advisory services
• Experience in management consulting and information security audits
• Experience around technology risk assessments
• Hands-on experience in GRC projects
• Proficient in preparation of reports, dashboards and documentation
• Ability to research and develop new risk-based security offerings
• Comfortable working in a project based / client serving model

Personal Attributes

• Self-starter and quick learner requiring minimal ramp-up
• Excellent written, oral, and interpersonal communication skills
• Highly self-motivated, self-directed, and attentive to detail
• Ability to effectively prioritize and execute tasks in a high-pressure environment