[Remote] Cyber GRC Consultant

Note: The job is a remote job and is open to candidates in USA. Rapid Strategy is a company focused on cybersecurity solutions, and they are seeking a motivated Cyber GRC Consultant to join their security team. This role involves supporting the development, implementation, and maintenance of cybersecurity governance, risk management, and compliance programs while working closely with internal stakeholders.

Responsibilities

• Develop and maintain cybersecurity policies, standards, and procedures to align with industry best practices and regulatory, legal, and business requirements
• Conduct security risk assessments of critical applications & third-party vendors
• Partner with stakeholders to prioritize and implement risk mitigation strategies
• Continuously evaluate and enhance cybersecurity GRC processes to adapt to changing threats, technologies, and business needs
• Support internal audits and control testing activities to monitor compliance with cybersecurity frameworks (e.g., NIST CSF, PCI DSS, GDPR, CCPA)
• Maintain accurate records of the risk register, compliance activities and evidence for audits and regulatory inquiries
• Support security awareness initiatives and training activities across the organization
• Maintain GRC dashboards and reporting
• Support the management of the Security Champions program
• Stay informed of emerging cybersecurity regulations, risks, and industry best practices
• Support other security activities as required

Skills

• Bachelor's degree in Cybersecurity, Information Technology, Business, Communications, or equivalent practical experience
• 5 plus years of experience in cyber risk management, auditing, or compliance
• GRC platforms (e.g., Knowbe4, ServiceNow, Vanta)
• Strong written and verbal communication skills, with the ability to simplify and present complex cybersecurity topics to diverse audiences
• Analytical thinking and research abilities to support risk assessments, audits, and compliance initiatives
• High attention to detail, accuracy, and organization in documentation and reporting
• Ability to work collaboratively across technical and non-technical teams
• Demonstrated ethical judgment and critical thinking in decision-making processes
• Experience with cybersecurity frameworks such as NIST CSF, ISO 27001, PCI DSS, SOC 2 Type 2, or GDPR
• Demonstrated breadth and depth of expertise across core cybersecurity domains, including risk management, incident response, governance, secure software development, vulnerability management, security operations, etc
• Ability analyze data to derive risk insights
• A proactive and strategic mindset, focused on identifying potential risks and developing innovative solutions to ensure ongoing compliance and mitigate potential issues

Company Overview