Senior GRC Consultant

US-Remote (Work From Home)
1 week ago
Professional Security Services


NTT Security is seeking a Senior GRC Consultant. This individual will take an active role as a security consultant, working directly with NTT Security account managers and clients, including serving as project lead supervising junior GRC consultants. Responsibilities include performing client security evaluations against various security frameworks and compliance initiatives, leading presales consulting activities, implementing security solution designs, and holding client discussions on emerging security risks, technologies, and systems.



  • Lead information security assessments:
    • Determine security risks and compliance requirements
    • Conduct document reviews and interviews against compliance requirements and best-practices
    • Develop recommendations for remediating risk and compliance gaps
    • Write deliverable reports
    • Maintain report templates
  • Lead pre-sales activities:
    • Explain NTT Security’s service offerings
    • Identify appropriate services for client needs
    • Scope projects and develop time and cost estimates
    • Write proposals and Statements of Work
    • Maintain proposal and Statement of Work templates
    • Maintain scoping questionnaires
  • Support marketing:
    • Lead security research and development efforts
    • Write informational sheets and whitepapers
    • Conduct presentations for clients and at security conferences
  • Pre-sales and assessment activities are conducted both remotely and on-site with clients:
    • The majority of NTT Security’s clients are spread throughout the United States
    • In some instances, international travel may be required



  • 4 year degree with 2+ years’ work experience, or 2 year degree with 4+ years’ work experience, or 6+ years of progressive technical work experience
  • Experience assessing compliance with HIPAA, PCI-DSS, and/or ISO 27000
  • Experience with risk analysis methodologies and risk management frameworks
  • Familiarity with NIST SP 800 Series and SOC-2 requirements
  • PCI QSA certification (preferably current)
  • ISO 27000 Lead Auditor or ISO 27000 Lead Implementer a plus
  • SOX, FISMA, Safe Harbor, NERC/FERC experience is a plus
  • Hands-on technical background with infrastructure technologies and operating systems is a plus
  • Experience with vulnerability scanning and penetration testing techniques is a plus
  • Versatility: able to quickly adapt to new technologies and client environments
  • Excellent attention to detail
  • Strong interpersonal and customer relationship skills
  • Strong public-speaking skills
  • Ability to work under pressure and to very short timelines
  • Ability to communicate effectively at all levels; excellent written English
  • Ability to work independently as needed while always thinking as part of a team
  • Excellent knowledge of Microsoft Office products, especially Excel and Word
  • Ability to travel up to 50%

