Seeking a Senior Associate Consultant in Security Governance, Risk, and Compliance (GRC) focusing on compliance assessments for enterprise environments using frameworks like NIST and ISO, managing client engagements, and developing remediation plans.
AHEAD builds platforms for digital business. By weaving together advances in cloud infrastructure, automation and analytics, and software delivery, we help enterprises deliver on the promise of digital transformation.
At AHEAD, we prioritize creating a culture of belonging, where all perspectives and voices are represented, valued, respected, and heard. We create spaces to empower everyone to speak up, make change, and drive the culture at AHEAD.
We are an equal opportunity employer, and do not discriminate based on an individual's race, national origin, color, gender, gender identity, gender expression, sexual orientation, religion, age, disability, marital status, or any other protected characteristic under applicable law, whether actual or perceived.
We embrace all candidates that will contribute to the diversification and enrichment of ideas and perspectives at AHEAD.
We are seeking a Consultant specializing in Security Governance, Risk, and Compliance (GRC) with a strong focus on security compliance assessments, particularly against NIST frameworks. This role requires a combination of security and consulting subject matter expertise, and client-facing communication skills to deliver high-quality solutions tailored to each client’s unique security and compliance needs.
The ideal candidate will be proactive, detail-oriented, and capable of independently driving workstreams while contributing to the broader success of client engagements. This is a challenging yet rewarding role that provides an opportunity to work with diverse set of clients across multiple industries.
Security Compliance Specifics
- Apply compliance frameworks (e.g., NIST, ISO, etc.) to assess, design, and implement security controls for enterprise environments.
- Conduct compliance gap assessments, develop remediation plans, and guide clients through audit readiness processes.
- Create and maintain key documentation such as risk assessments, controls mapping, compliance roadmaps, and policies tailored to client needs.
- Ensure alignment with regulatory requirements and standards, such as NIST, CMMC, ISO 27001, or SOC 2, based on the engagement scope.
- Stay informed of evolving compliance frameworks, regulatory changes, and security best practices to provide clients with up-to-date and actionable recommendations.
- Support clients in developing and maturing their GRC programs, with an emphasis on measurable security improvement and compliance sustainability.
Client Delivery
- Manage and run defined workstreams with minimal oversight, ensuring continuity and success across client engagements.
- Maintain workstream RAID documentation (Risks, Assumptions, Issues, Dependencies) and proactively mitigate risks to keep projects on track.
- Communicate project status, risks, and decisions clearly and effectively to clients, ensuring transparency and alignment.
- Produce client-ready drafts of deliverables with minimal rework, adhering to professional quality standards.
- Leverage QA checklists and processes to identify issues early and ensure consistency across deliverables.
- Analyze tradeoffs, present options, and provide well-reasoned recommendations, escalating challenges along with proposed solutions when necessary.
- Independently sustain progress on client engagements during critical periods, maintaining momentum for up to 5–10 business days if required.
- Contribute to client knowledge transfer and training efforts, ensuring operational teams are equipped to maintain compliance post-engagement.
Qualifications
- Undergraduate technical degree in Engineering, Computer Science, IT Management, Cybersecurity, or related field preferred, but not required.
- Minimum of 4-6 years’ professional, relevant experience, with at least 2 years in a client facing role.
- 1–2 professional and/or technical certifications in IT security, cloud security, or application security (e.g., CompTIA Security+, ISC^2 CC, etc.)
- Solid understanding of common compliance frameworks (e.g., NIST, ISO, CMMC, etc.) and their application in enterprise environments.
- Strong technical knowledge of what good evidence looks like for assessments beyond policy and procedure language. A technical assessment will be performed during the interview process to confirm this critical skill.
- Knowledge of cybersecurity technologies (e.g., SIEM, vulnerability management, endpoint security) and their integration with compliance mandates.
- Hands-on experience with tools and platforms supporting GRC workflows (e.g., Archer, ServiceNow GRC, or similar).
- Excellent verbal and written communication skills (high proficiency in Microsoft Office Suite required).
- Comfortable addressing and presenting to groups in virtual or in-person settings.
- Strong problem-solving abilities, capable of addressing complex and abstract challenges.
- Exceptional interpersonal skills, with the ability to connect and collaborate with diverse personalities and stakeholders.
The compensation range indicated in this posting reflects the On-Target Earnings (“OTE”) for this role, which includes a base salary and any applicable target bonus amount. This OTE range may vary based on the candidate’s relevant experience, qualifications, and geographic location.
Why AHEAD:
Through our daily work and internal groups like Moving Women AHEAD and RISE AHEAD, we value and benefit from diversity of people, ideas, experience, and everything in between.
We fuel growth by stacking our office with top-notch technologies in a multi-million-dollar lab, by encouraging cross department training and development, sponsoring certifications and credentials for continued learning.
USA Employment Benefits include:
- Medical, Dental, and Vision Insurance
- 401(k)
- Paid company holidays
- Paid time off
- Paid parental and caregiver leave
- Plus more! See benefits https://www.aheadbenefits.com/ for additional details.
Use of AI:
We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, assessing responses, or to capture recordings and create transcriptions or summaries during interviews. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans.
If you would like more information about how your data is processed, please refer to the Candidate Privacy Notice or contact us at [email protected].
You may opt-out of the review or analysis of your application and resume by AI tools by using the General Application. Please include the role you wish to apply for in the Additional Information field. You may also choose to opt-out of recording and transcription at any time, including after joining an interview. Candidates will not be penalized for choosing to opt-out.
Top Skills
Archer
Cloud Security
Endpoint Security
Iso
Microsoft Office Suite
Nist
Servicenow Grc
SIEM
Vulnerability Management
Similar Jobs
Cloud • Fintech • Software • Business Intelligence • Consulting • Financial Services
The Senior Regulatory Compliance Consultant provides support for regulatory compliance, risk assessment, consulting for financial services, and compliance audits.
Top Skills:
Compliance Management SystemRegulatory ComplianceRisk Assessment
Cloud • Information Technology • Productivity • Security • Software • App development • Automation
As a Solution Consultant for the Data Center Platform, you will collaborate with clients to solve business challenges using Atlassian products, while creating technical content and guiding strategic outcomes to maximize client success.
Top Skills:
Atlassian ProductsCloud Computing ArchitecturesConfluenceCrowdIntegration MethodsJIRAJira Service Management
Artificial Intelligence • Automotive • Greentech • Information Technology • Machine Learning • Software • Cybersecurity
The Technical Customer Care Specialist resolves client application issues via multiple communication methods, provides product support, and ensures customer satisfaction while adhering to quality standards.
Top Skills:
Crm ToolGenesys Pure CloudSalesforce
What you need to know about the Colorado Tech Scene
With a business-friendly climate and research universities like CU Boulder and Colorado State, Colorado has made a name for itself as a startup ecosystem. The state boasts a skilled workforce and high quality of life thanks to its affordable housing, vibrant cultural scene and unparalleled opportunities for outdoor recreation. Colorado is also home to the National Renewable Energy Laboratory, helping cement its status as a hub for renewable energy innovation.
Key Facts About Colorado Tech
- Number of Tech Workers: 260,000; 8.5% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Lockheed Martin, Century Link, Comcast, BAE Systems, Level 3
- Key Industries: Software, artificial intelligence, aerospace, e-commerce, fintech, healthtech
- Funding Landscape: $4.9 billion in VC funding in 2024 (Pitchbook)
- Notable Investors: Access Venture Partners, Ridgeline Ventures, Techstars, Blackhorn Ventures
- Research Centers and Universities: Colorado School of Mines, University of Colorado Boulder, University of Denver, Colorado State University, Mesa Laboratory, Space Science Institute, National Center for Atmospheric Research, National Renewable Energy Laboratory, Gottlieb Institute
