3+ years of relevant cybersecurity and GRC experience gained through direct industry work, consulting or client-facing advisory services
Bachelor’s degree in Cybersecurity, Information Systems, or related field, or equivalent experience
Professional certifications such as CISSP, CISM, CISA, CRISC, or equivalent
Experience with GRC platforms (StandardFusion, Apptega, Vanta, etc.)
Requirements:
Generate, analyze, and present cybersecurity service reports and dashboards to demonstrate program efficacy and maturity progress
Translate technical risks and data into business-relevant insights for stakeholders
Conduct cybersecurity risk assessments, control gap analyses, and maturity assessments; identify and evaluate risks, recommend remediation strategies, and track mitigation progress
Assist with audit readiness, evidence collection, compliance roadmaps, and remediation activities; ensure client alignment with regulatory and industry frameworks (NIST, ISO 27001, SOC 2, HIPAA, GDPR, PCI-DSS, etc.)
Job description
GRC Consultant
This is a fully remote position
PURPOSE The GRC Cybersecurity Consultant serves as a trusted advisor to Ascend clients, strategically enhancing their cybersecurity posture. This role supports the client’s development, delivery, and continual improvement of comprehensive cybersecurity and compliance programs aligned with frameworks such as NIST CSF, CIS Controls, ISO 27001, HIPAA Omnibus, SOC 2, PCI‑DSS, and other regulatory standards. The consultant also contributes to helping regulated clients prepare for audits (SOC 2, SEC, FDIC, etc.). This position works closely with both business and technical stakeholders to assess risks, implement controls, develop policies, support audit readiness, review security data, and communicate clear, business‑aligned recommendations. Strong presentation and communication skills are essential for translating complex cybersecurity concepts into actionable insights for diverse audiences.
RESPONSIBILITIES Client Engagement & Reporting
Generate, analyze, and present cybersecurity service reports and dashboards to demonstrate program efficacy and maturity progress.
Translate technical risks and data into business‑relevant insights for stakeholders.
Conduct research and provide guidance on emerging threats, regulatory changes, and new technologies.
Collaborate with internal resources to review vulnerability scans, penetration test results, and risk assessments.
Governance & Policy
Assist clients in developing, reviewing, and maintaining cybersecurity policies, standards, and procedures.
Support creation and continuous improvement of security governance frameworks aligned to business objectives.
Risk Management
Conduct cybersecurity risk assessments, control gap analyses, and maturity assessments.
Identify and evaluate risks, recommend remediation strategies, and track mitigation progress.
Support maintenance of risk registers and provide leadership reporting.
Compliance & Audit
Ensure client alignment with regulatory and industry frameworks (NIST, ISO 27001, SOC 2, HIPAA, GDPR, PCI‑DSS, etc.).
Assist with audit readiness, evidence collection, compliance roadmaps, and remediation activities.
Third‑Party Risk Management
Perform vendor security assessments and oversee third‑party risk processes.
Security Program Development
Support design, enhancement, and continuous improvement of client security programs.
Assist with building control frameworks and aligning them with best practices.
Provide guidance on cybersecurity strategy, roadmaps, and program governance.
Incident Preparedness
Assist clients with incident response planning, tabletop exercises, and business continuity initiatives.
Recommend improvements to detection, response, and recovery capabilities.
Internal Collaboration & Continuous Improvement
Work with Ascend Cybersecurity Leadership to identify improvement opportunities through data analytics and trend analysis.
Serve as a resource to Solutions Architects regarding cybersecurity professional services and data offerings.
Facilitate knowledge sharing and adaptability as client priorities evolve.
Support efficient operations within a leveraged cybersecurity services model.
Perform additional responsibilities as assigned.
REQUIRED SKILLS, EXPERIENCE, AND EDUCATION
Strong understanding of regulatory and security frameworks (HIPAA, CMMC, NIST CSF, NIST 800‑53, ISO 27001, SOC 2, etc.).
Hands‑on experience with risk assessments, control testing, audits, and policy development.
Excellent written and verbal communication skills.
Ability to collaborate across technical and non‑technical teams.
Strong analytical skills and attention to detail.
PREFERRED SKILLS, EXPERIENCE, AND EDUCATION
Bachelor’s degree in Cybersecurity, Information Systems, or related field, or equivalent experience.
Professional certifications such as CISSP, CISM, CISA, CRISC, or equivalent.
Experience with GRC platforms (StandardFusion, Apptega, Vanta, etc.).
3+ years of relevant cybersecurity and GRC experience, gained through direct industry work, consulting or client‑facing advisory services.
Strong problem‑solving and critical‑thinking abilities.
Ability to manage multiple engagements and deadlines.
Collaborative, customer‑centric mindset.
High integrity and commitment to confidentiality.
Starting Compensation Range: $100,000 per year
The salary for this position is commensurate with experience, skills, and qualifications. The range is intended to reflect our commitment to attracting top talent, and the final offer will be based on factors including, but not limited to, the candidate's previous experience, expertise in the field, relevant certifications, and the specific requirements of the role. In addition, internal equity, market trends, and geographic location may also influence the final salary.
Along with a competitive salary, we offer a comprehensive benefits package, including health, dental, and vision insurance, retirement savings options, flexible time off (FTO), and professional development opportunities. We are open to discussing compensation and benefits further during the interview process to ensure alignment with the candidate’s expectations and experience.
At Ascend Technologies we firmly believe that diversity, equity, and inclusion are not only fundamental values but also powerful drivers of innovation, growth, and success. We are committed to fostering an environment where every individual feels valued, respected, and empowered.
CORE VALUES We are seeking highly motivated individuals who have the willingness and ability to demonstrate Ascend core values:
Committed to Client Success: Our actions and our words always align with the best interest of the client.
One Team: We work collaboratively to overcome challenges with humility and respect and do what it takes to find innovative solutions.
Integrity: We are unquestionably committed to doing the right thing even when it is hard.
Accountability: We hold ourselves and each other accountable for keeping our commitments to our clients, our communities, and one another.
Transparency: We create open lines of communication with each other and our clients, fostering relationships founded on candor and trust.
PHYSICAL DEMANDS: Must be able to sit, stand, and bend for the duration of shift. The position is mainly sitting, with occasional lifting up to 50 lbs, such as laptop, server equipment, and, driving to the work site to meet with client(s).
