Cybersecurity/GRC Consultant

Sparrow Company - Tijuana, Baja California, Mexico


Looking for an experienced information technology security and privacy GRC professional with a strong track record of managing the execution of GRC programs. Must excel in organizing, planning and delivering results, and relish working with others to achieve critical security outcomes. You will assess and help clients develop Cybersecurity programs and build those requirements into product offerings and services as well as day-to-day business processes. You will work directly with the other teams to implement and maintain sustainable Cybersecurity GRC programs for clients.


May perform any or all of the following duties:

  • Developing recommendations to design and/or strengthen Cybersecurity programs for organizations and assist in improving their efficiency and effectiveness, adding value to the organization.
  • Execute periodic organizational and service level risk and impact assessments to identify IT, Security & Privacy risks in a manner that helps clients comply with multiple regulations/frameworks that use a risk based approach to implementing Security & Privacy practices.
  • Analyze control related gaps/non-conformities/findings in the context of the Cybersecurity and Risk Management program.
  • Maintain a Risk Register and drive sound risk management and reporting functions.
  • Administer and operate GRC toolset to automate processes and programs to gain efficiencies.
  • On an as-needed basis, provide advisory services to other teams on maintaining compliance with the IT, Privacy and Security policies and standards through the course of their business operations.
  • Support client audit/assessment activities.
  • Participate in governance activities such as creation and review of policies, standards and procedures/guidance documents.
  • Meet with clients to research and understand requirements for solutions centered around development of Cybersecurity & Risk Management programs (NIST CSF, CIS, ISO 27001).
  • Pre-Sales (10%)
    • Speaking to clients using PowerPoint Presentations on GRC Solutions.
    • Develop statement of work (SoW) with task lists and estimated level of effort (LOE) for various types of projects in support of these solutions
  • Design, build and deliver the optimal GRC solutions to address the client requirements
  • Audit client environments and deliver GRC security recommendations
  • Collaborate with Professional Services team on developing deployment models
  • Continuously update the skills and knowledge to keep up with the changing landscape and customer needs


  • 5+ years of experience working with multiple cross-functional teams to enhance and maintain a Cybersecurity Controls Framework that meets multiple regulatory/industry best practices security and privacy standards.
  • Gather and maintain library of objective evidence to show ongoing compliance with the documented controls.
  • Test controls and log, track and report on control-related gaps/non-conformities, including validation of remediation plans.
  • Facilitate/support client audit/assessment activities
  • Execute ongoing organizational assessments to identify technology, security & privacy risks.
  • Use GRC toolset to automate processes and programs to gain efficiencies.
  • Participate in governance activities to provide feedback and maintain security & privacy policies, standards and procedures/guidance documents.
  • Prior consulting experience is preferred but not a strict requirement
  • Familiarity with common security standards such as PCI, HIPAA, Sarbanes Oxley, ISO 27001, NIST, or CIS
  • Strong understanding and knowledge of risk assessment, and security assessments
  • Comfortable presenting to CIO/CISO/CTO solution demonstrations and virtual whiteboard sessions
  • Ability to work cooperatively with sales, services and the Project Management team
  • Previous experience working in collaborative team environments
  • Excellent verbal and written communication and organization skills, and detail oriented (English language)
  • Excellent presentation skills (Including Creating PowerPoint Presentations)
  • Comfortable being on Camera
  • Ability to work 8 to 5 in a US Time Zone (cross regionally)
  • Some travel may be required.
  • Demonstrated passion for self-study, and self-learning to keep up with the changing security landscape and customer needs

Posted On: Wednesday, February 21, 2024
Compensation: $48,000.00
