Echelon Risk + Cyber · 1 week ago

Risk Advisory GRC Consultant - Remote (USA)

Remote · United States

Type
Full Time
Level
Mid Level
Education
Not Specified
Company size
Unknown

Job Summary

  • Lead and execute risk advisory client engagements focusing on SOC 2 Type I/II readiness, ISO 27001, PCI DSS, HITRUST, HIPAA, and CMMC Level 2
  • Test IT General Controls (ITGCs), document findings, and provide practical remediation recommendations
  • Prepare and review audit workpapers and client-facing deliverables
  • Work directly with clients to identify and assess information security risks, develop security policies and procedures, and deliver remediation guidance
  • Contribute to incident response planning, tabletop exercises, and business continuity engagements
  • Manage multiple concurrent engagements and build strong internal and client relationships
  • Stay current with evolving frameworks and audit standards
  • Create content for the organization's website and blog and participate in the cybersecurity community

Required Qualifications

  • 2–4 years of hands-on experience in IT audit, compliance, or GRC consulting, with a focus on SOC 2 Type I/II audits, ISO 27001 assessments, or related attestation engagements
  • Demonstrated understanding of IT General Controls (ITGCs), Trust Services Criteria, and audit standards such as SSAE 18 or ISAE 3402
  • Ability to conduct risk assessments, compliance reviews, and readiness evaluations across frameworks, including SOC 2, ISO 27001, PCI DSS, HITRUST, and HIPAA
  • Strong analytical skills with the ability to identify and assess complex risk scenarios and offer practical solutions
  • Familiarity with leading GRC tools and technologies to support compliance and risk management initiatives
  • Excellent communication and presentation skills, capable of articulating technical concepts to technical and non-technical audiences
  • Strong project management skills, including managing multiple engagements and deliverables simultaneously while maintaining high quality and client satisfaction standards
  • Prior experience at a Big 4 firm, a mid-tier CPA/advisory firm, or a boutique IT audit/attestation firm is strongly preferred
  • Applicants must have authorization to work in the United States without current or future visa sponsorship.