Role: GRC Consultant
Location: Oakland, CA (Remote/Hybrid)
Duration: 4–5 months (initial engagement)
Pay Rate: $65 to $70
Overview: The client is seeking a hands-on Cyber GRC & Data Security Governance Consultant to lead a foundational “clean-and-build” initiative. This is not an advisory or project management role; the requirement is for a true GRC practitioner who can independently own and execute governance processes end-to-end. The ideal candidate will have deep, hands-on experience working within GRC platforms, building and managing controls, risk, compliance, and audit processes, as well as supporting the development of a comprehensive Data Security Governance program.
Core Responsibilities & Deliverables
- GRC Process Ownership & Execution: Own and execute core Cyber GRC functions including building and managing control libraries, risk registers, compliance workflows, evidence collection processes, policy exceptions, and audit response activities
- NIST CSF Validation: Conduct a deep-dive review of current security controls (Identity, Network, Cloud) to assess alignment, effectiveness, and documentation gaps against NIST CSF / NIST 800-53
- GRC Platform Management: Hands-on configuration and management of GRC tools (Archer, Hyperproof, ServiceNow GRC, OneTrust, AuditBoard or similar), including centralizing policies, controls, risks, and audit artifacts
- Data Security Governance (DSG): Design and implement a data governance framework including data classification, data handling standards, access governance, retention policies, encryption requirements, DLP controls, and third-party data risk management
- Policy Centralization: Review, rationalize, and migrate existing policies and SOPs into the GRC platform while ensuring alignment to controls, standards, and regulatory requirements
- Audit Readiness: Establish sustainable audit and compliance processes including documentation standards, evidence tracking, version control, and review cadences
- Control & Risk Management: Perform hands-on risk assessments, control design, and validation while mapping controls to policies, standards, and regulatory frameworks
- Incident Response Modernization: Review and enhance the Incident Response Plan and associated processes to align with NIST and organizational requirements
Required Experience
- 5+ years of hands-on Cyber GRC experience with proven ownership and execution of GRC programs (not just coordination or support roles)
- Hands-on experience configuring and managing GRC platforms such as Archer, ServiceNow GRC, OneTrust, Hyperproof, AuditBoard, or similar
- Strong experience implementing and operationalizing NIST CSF and/or NIST 800-53 frameworks
- Demonstrated experience building and managing control libraries, risk registers, compliance workflows, audit processes, and governance deliverables
- Experience in Data Security Governance including data classification, handling standards, access governance, retention, encryption, DLP, and third-party data risk management
- Strong technical writing skills with ability to develop detailed, actionable security policies, standards, and SOPs
- Strong understanding of security controls (MFA, EDR, SIEM, encryption, etc.) to validate effectiveness of implementations