Risk and Compliance Consultant

We are looking for a Risk and Compliance Consultant. This is an eighteen (18) months contract position in the United States with our client. In this role you are responsible for ensuring that the organization adheres to all relevant legal, regulatory, and internal policy requirements. This role includes significant involvement with the IT security team to ensure that compliance and security measures align and support the overall protection of the organization's data and systems.

Responsibilities for a Risk and Compliance Consultant:

• Develop, implement, and maintain compliance policies and procedures in accordance with relevant laws and regulations.
• Conduct regular audits and assessments to ensure compliance.
• Coordinate with firm personnel to facilitate cyber risk analysis and risk management processes and identify acceptable risk based on information classification and needed protection.
• Provide support for compliance with ISO certification, including collection and organization of artifacts with Information Technology Teams.
• Perform periodic security assessments on third-party vendors and ensure that security risks with the potential of causing material harm to the company are properly documented and remediation is tracked.
• Assist in the development and reporting of the Firm Risk Register for executive leadership review.
• Execute the Security Awareness program, including periodic user education and anti-phishing campaigns.
• Work across various business areas to evaluate whether security risks to the company are identified and minimized and acceptable internal controls and procedures are followed.
• Ensure that user access to information assets is provisioned, managed, and terminated as required.
• Maintain documentation of security standards, procedures, processes, and guidelines.
• Coordinate the writing, review, and finalization of company policies, standards, procedures, and guidelines.
• Work on external client audits to provide evidence artifacts and other supportive documentation as applicable.
• Collaborate with technical teams (e.g., HR, IT, Applications, and Desktop Support) during the strategic planning and implementation of new business initiatives.

Required Skills and Qualifications as a Risk and Compliance Consultant:

• Experience in understanding and implementing ISO 27001 controls preferred
• Experience with host and network security technologies such as firewalls, proxies, and operating systems
• Knowledge of application and network security
• Experience communicating conceptual and technical information
• Experience translating technical data into business impact information
• Ability to manage timelines and meet tight deadlines
• Detail-oriented with excellent oral and written communication skills
• Ability to manage and prioritize multiple tasks
• Excellent interpersonal skills needed to work with various levels of technical and managerial staff members
• Self-motivated, constructive, and positive attitude
• Strong analytical and problem-solving skills
• Ability to present data in a consistent and clear manner
• Bachelor’s degree from an accredited university in CS, IT, CIS, or equivalent work experience