top of page

GRC Consultant                                         Job# JNRC0136

 

Location: Ashburn VA + Client Sites 

Clearance: Eligible

Employment Type: Full-Time (no independent consultants)

Agency: Commercial

Travel: 25 - 50% (includes international)

Position Description 

This position is responsible for oversight and coordination of the Governance, Risk and Compliance practice and oversees and manages the implementation of multiple GRC projects. This position has several principle accountabilities as outlined below. This position reports to the Director of ERP Advisory Services.

Technical Expectations/Professional Practices

  • Directly responsible for procedures and controls to assure compliance with applicable regulatory and legal requirements as well as good business practices for all customers

  • Ability to implement Approva/Infor GRC, SAP GRC to include modules such as Access Controls, Emergency Management, User Access Certifications, and Transaction Monitoring/Process Controls

  • Ability to configure and perform thorough testing of the GRC modules

  • Provide recommendation on areas that require business process redesign in terms of segregation of duties remediation efforts

  • Understanding of security structure for core ERP solutions such as PeopleSoft Financials, SAP, Oracle, Infor LN, Syteline, Baan4c, AccPac, and M3

  • Establish and oversee formal risk analysis and self-assessments program for various Information services systems and processes.

  • Help ensure compliance with HIPAA, PCI and the NC Identity Theft law.

  • Establish and oversee a formal vulnerability and testing program.

  • Liaise with Internal Audit, Corporate Compliance, to remediate new and outstanding issues, track security-related issues on the risk register

  • Promote and able to conduct Webinars to customers on new strategies for using the GRC solutions to aid in their audits

  • Maintain expertise on security trends through training, research and development in order to mitigate potential security exposures.

  • Manage, coach, lead and develop a small staff of GRC personnel.

  • Train other staff and external clients as necessary.

Administrative Expectations

  • Ability to work independently with or without direction and/or supervision.

  • Ability to prioritize and multitask as well as flexibility and adaptability in work approach.

  • Calmness and clarity of thought under pressure and ability to maintain confidentially.

  • Strong written and verbal communication skills.

  • Demonstrate leader with team-oriented interpersonal skills

  • Ability to effectively interface with a broad range of people and roles.

  • Accept responsibility and personal accountability.

  • Background / Qualifications: In-depth understanding of SOX, GAAP, GAAGUS, PCI, NC Identity Theft law as well as industry security frameworks.

  • Advanced knowledge of risk assessment design and delivery.

  • Professional security management certification: IIA or CISA preferred.

  • Knowledgeable of governance, risk and compliance systems and how to design a GRC frame work to include SAP GRC, Approva/Infor Risk Governance and Compliance, or Oracle GRC or any other industry standard GRC solution.

Requirements

  • A Bachelor’s degree required; graduate degree or courses a plus

  • Professional security management certification: IIA or CISA preferred.

  • Four or more years of progressive Information Security, IT Audit, Big 4 experience, and experience with an industry standard GRC solution such as Infor Approva Risk and Compliance, SAP GRC, and Oracle.  

 

 

www.CyberSecSource.com

bottom of page