GRC Consultant – RSA Archer / Information Security
Location: Remote, USA
Duration: 12+ Months
Job Summary
We are seeking an experienced GRC Consultant with strong expertise in information security governance, risk management, compliance assessments, and RSA Archer platform solutions. The ideal candidate will have hands-on experience conducting security assessments, managing governance/risk/compliance initiatives, and leveraging industry security frameworks to drive enterprise security maturity.
This role requires a strong blend of cybersecurity governance expertise, assessment execution capability, stakeholder communication, and hands-on RSA Archer experience, particularly in Product Security Assessment or related assessment modules.
Key Responsibilities
Governance, Risk & Compliance (GRC)
- Lead governance, risk, and compliance initiatives across enterprise security programs.
- Conduct security risk assessments, control evaluations, and compliance reviews.
- Analyze organizational security posture and recommend prioritized remediation actions.
- Support risk identification, treatment, mitigation, and governance reporting.
- Maintain alignment with enterprise information security governance requirements.
RSA Archer Administration / Assessment Management
- Work hands-on with RSA Archer, particularly:
  - Product Security Assessment modules
  - Security assessment workflows
  - Risk evaluation processes
  - Governance reporting
- Configure or support assessment lifecycle processes within Archer.
- Maintain security assessment workflows and reporting mechanisms.
Security Frameworks & Compliance Standards
Apply governance and assessment expertise across frameworks such as:
- NIST
- ISO 27001
- CIS Controls
- COBIT
- Internal enterprise security standards
Responsibilities include:
- Security control mapping
- Gap assessments
- Compliance readiness reviews
- Control effectiveness analysis
Security Analysis & Risk Management
- Analyze assessment data and security findings.
- Develop clear, risk-prioritized recommendations for remediation.
- Support enterprise risk treatment planning and governance reporting.
- Assist with audit readiness and security program improvements.
AI-Enabled Security Operations
- Utilize Generative AI tools for:
  - Data analysis
  - Security content review
  - Workflow automation
  - Assessment acceleration
- Apply AI-assisted productivity methods within professional security governance processes.
Stakeholder Communication & Advisory
- Communicate findings effectively to:
  - Technical teams
  - Security leadership
  - Business stakeholders
  - Risk / audit stakeholders
- Translate technical security findings into business-impact language.
- Operate independently and manage assigned workstreams end-to-end.
Required Skills
- RSA Archer
- GRC (Governance, Risk & Compliance)
- Information Security
- Security Risk Assessment
- Security Compliance
- Security Governance
- Risk Management
- Cybersecurity Controls Assessment
- Audit / Compliance Reviews
Security Framework Expertise
Strong working knowledge of:
- NIST
- ISO 27001
- CIS Controls
- COBIT
- Enterprise risk methodologies
Preferred Skills
- Product Security Assessment
- Security Governance Reporting
- AI-assisted workflow automation
- Security audit readiness
- Security control analysis
- Risk remediation planning
Education
Bachelor’s Degree in:
- Cybersecurity
- Information Security
- Computer Science
- Information Technology
- Risk / Audit / Related field
OR equivalent professional experience
Experience
8–10+ years of total experience, including:
- 5–8+ years in information security / GRC / audit / compliance
- Hands-on RSA Archer experience required