Security Consultant (GRC and Security Controls Focus)
Job role overview
Date posted
May 27, 2026
Hiring location
Frisco
Description
Job Title: Security Consultant (GRC and Security Controls Focus)
Job Type: Full-Time Remote
About Us:
Blue INK Security is a leading cybersecurity firm dedicated to protecting organizations from evolving cyber threats. We specialize in designing, implementing, and managing robust security solutions tailored to our clients' needs. Our team of cybersecurity professionals helps clients build resilient security programs that align with industry best practices, regulatory requirements, and business objectives.
Job Description:
We are seeking a proactive and enthusiastic Security Consultant to join our team. This role requires experience supporting cybersecurity programs, participating in risk assessments, and understanding technical security controls.
Directly supporting our client-facing CISOs, the Security Consultant will support strategic and tactical security initiatives for our clients, ensuring that their security posture is both compliant and operationally sound. This position is ideal for a hands-on security practitioner who is comfortable working with mid-size organizations, supporting security initiatives, and following best practices in technically diverse environments.
As a Security Consultant, you will primarily support our client-facing CISOs on cybersecurity risk management, compliance, and security architecture, helping them align their security programs with industry standards such as ISO 27001, CIS Controls, NIST frameworks, SOC 2, and HIPAA.
Experience supporting data privacy programs or AI governance initiatives is considered a strong plus but is not required.
Key Responsibilities:
Compliance & Governance
- Support CISO with cybersecurity compliance initiatives such as ISO 27001, CIS Critical Security Controls, NIST 800-171, SOC 2, and HIPAA.
- Research and develop sound information security policies, standards, and governance frameworks aligned with regulatory requirements and industry best practices.
- Support compliance gap assessments and develop roadmaps to help organizations achieve and maintain certifications.
- Support audit preparation, evidence collection, and ongoing compliance monitoring.
Nice to Have
- Assist clients in developing or improving data privacy programs aligned with regulations such as GDPR, CCPA, or other global privacy standards.
- Support governance initiatives related to emerging technologies such as AI risk management and responsible AI usage.
Security Controls & Implementation
- Support the implementation of practical security controls for networks, cloud environments, SaaS platforms, and enterprise applications.
- Experienced with security technologies including SIEM, endpoint protection, IAM, vulnerability management, and incident response tools.
- Experienced with identity and access management (IAM), endpoint security, logging and monitoring, and data protection practices.
- Experienced with security architecture and secure configuration of IT and cloud environments.
- Assist CISO in developing and maintaining secure operational processes such as patch management, backup strategies, and incident response procedures.
Nice to Have
- Support the implementation of privacy-by-design practices within security architecture and data management processes.
- Evaluate AI tools, automation platforms, and third-party technologies for security and data protection risks.
Leadership
- Experienced with supporting executive cybersecurity leadership, IT teams, and business stakeholders.
- Understand strategic guidance on security investments, technology adoption, and security team development.
- Experienced with incident response plans, security awareness programs, and tabletop exercises.
- Support CISO in building long-term cybersecurity strategies and governance programs.
- Work cross-functionally with legal, IT, and compliance teams to align security initiatives with business objectives.
Nice to Have
- Support clients requiring fractional leadership roles, such as CISO, DPO, or governance advisor.
- Provide guidance on responsible AI use, risk management, and regulatory developments affecting AI technologies.
Project Management
- Manage security and compliance initiatives during planning or execution.
- Experience with cybersecurity roadmaps and maturity improvement plans for clients.
- Experience with security metrics, KPIs, and risk indicators to support executive reporting.
- Coordinate across internal teams, vendors, auditors, and client stakeholders to ensure successful project delivery.
- Experience with security awareness initiatives and with helping foster a strong security culture within client organizations.
Communication Skills:
- Exceptional communication and presentation skills are essential for this role.
- Candidates must demonstrate the ability to translate complex cybersecurity risks and technical concepts into clear business language for non-technical stakeholders and executive leadership.
- A strong consulting presence and the ability to build trusted relationships with clients are critical.
Qualifications:
- Understanding of cybersecurity risk management, governance, and compliance frameworks.
- Experience with cybersecurity initiatives or managing security programs within organizations.
- Experience with cybersecurity frameworks such as ISO 27001, CIS Controls, NIST frameworks, SOC 2, or HIPAA.
- Experience with security controls including MFA, IAM, endpoint security, cloud security, vulnerability management, and monitoring solutions.
- Experience with security policies, standards, and governance frameworks.
- Ability to work independently and under CISO direction with clients while managing multiple initiatives and priorities.
- Experience supporting critical projects including planning, execution, and stakeholder communication.
Preferred Qualifications:
- Industry certifications such as CISSP, CISM, CISA, CRISC, or ISO 27001 Lead Auditor / Implementer.
- Familiarity with cloud security architectures in AWS, Azure, or Google Cloud environments.
- Familiarity with implementing or managing security tools and automation to improve operational efficiency.
- Familiarity with data privacy regulations such as GDPR, CCPA, or other global privacy requirements.
- Familiarity with emerging AI risk management frameworks such as the NIST AI Risk Management Framework.
Benefits:
- Competitive salary and benefits package
- Opportunities for professional growth and development
- A supportive and collaborative remote work environment
- Exposure to a diverse set of client environments and challenges
If you are a detail-oriented and experienced Security Consultant with a track record of supporting CISOs and security programs, we invite you to apply for this position at Blue INK Security. Join our team and help our clients stay resilient against evolving cyber threats.
29 days left to apply