GRC CMMC Consultant

About Us 

Thrive is a rapidly growing technology solutions provider focusing upon Cloud, Cyber Security, Networking, Disaster Recovery and Managed Services. Our corporate culture, engineering talent, customer-centric approach, and focus upon “next generation” services help us stand out amongst our peers. Thrive is on the look-out for individuals who don’t view their weekdays spent at “a job”, but rather look to develop valuable skills that ignite their passion and lead to a CAREER. If you’re attracted to a “work hard, play hard” environment, seeking the guidance, training and experience necessary to build a lucrative career, then welcome to THRIVE!!

Position Summary 

The Governance, Risk, and Compliance (GRC) CMMC Consultant is a client-facing role that helps build, manage, and maintain cybersecurity compliance programs for clients across various industries, primarily within the government sector where most clients will be government contractors or sub-contractor providers that need to comply with government regulations.

The GRC Consultant supports the Assessment, Program Establishment, and Support work required for Abacode’s clients to become and remain compliant with their respective cybersecurity and privacy frameworks. The GRC Consultant develops client reporting and metrics, updates dashboards, and collects and validates evidence/artifacts.

Primary Responsibilities 

• Participates in day-to-day operations and client engagement activities across various client projects involving compliance readiness and security assessments
• Supports the Abacode GRC Service Delivery team with conducting on-going and new assessments of controls, processes, and procedures across multiple clients and compliance standards: NIST 800-171 (CMMC), SOC 2, ISO 27001, HIPAA, PCI DSS, NIST CSF and CIS
• Supports clients with maintaining compliance with such frameworks by guiding them through control execution and evidence collection and review
• Supports compliance, policy, procedural, and technical review of client information security and/or compliance program(s), providing maturity and improvement recommendations based on experience and industry best practices
• Performs security controls gap analysis and identification based on compliance mandates, standards, and security benchmarks
• Documents security controls inventory of client systems within the GRC portals.
• Conducts general cybersecurity Risk Assessments
• Provides tactical guidance aimed at helping clients meet compliance requirements across applicable security standards and frameworks
• Performs audit liaison activities, guiding and assisting clients with audit preparation, evidence identification and gathering, and responding to audit questions
• Manages compliance requirements across multiple clients in parallel
• Works with clients to identify opportunities for improvement for client’s security controls
• Builds internal company partnerships and collaborates with team leaders to determine the company's services, delivery criteria, and solutions for issues that may arise
• Supports evidence collection for internal Abacode/Thrive audits
• Identifies and makes suggestions for improvements when problems and/or opportunities arise
• Keeps up to date with developments in the cybersecurity, privacy, and GRC areas of specialization
  
  

Basic Qualifications

• Bachelor's Degree in related field or relevant work experience
• 2-4 years of experience conducting and documenting security risk assessments
• Experience working in a client-facing consulting or service delivery capacityExperience managing multiple clients/projects in parallel
  • Experience with general project management and customer success/service is strongly desired
• Demonstrated understanding of control frameworks and regulatory requirements for NIST 800-171, NIST-CSF, SOC-2, and ISO 27001
• Preferred experience with: HIPAA, PCI-DSS
• Good understanding of the Department of Defense CMMC ruling and implications for the Defense Industrial Base
• Proven ability to assess risks and controls and identify opportunities for improvement.
• Excellent written and verbal communication skills along with excellent interpersonal skills. Able to communicate confidently in a clear, concise, and articulate manner - verbally and written in the documentation produced
• Broad knowledge of information technology (basic networking principles), information security (such as identity and access management), and critical data protection practices (basic principles of encryption and sensitive data protection) is highly desirable.
• Preferred prior experience working with GRC systems/tools.
• Preferred prior experience with general IT and Security auditing.
• Self-motivated, positive attitude, and a team player.
• Ability to work independently and with minimal supervision.