GRC Consultant

Position Title: Senior GRC Consultant

Location: Local to the DMV area with remote work

Position Overview:

We are seeking a seasoned Senior AWS Security Operations Engineer to
join our team. In this role, you will manage our security programs, lead
incident response efforts, and secure our AWS environments. You will be
dedicated to proactively identifying and mitigating security threats
while fostering a culture of continuous improvement.

Our Cybersecurity Team is dedicated to protecting our digital assets and
ensuring the integrity of our platform. The Cybersecurity team is
committed to utilize cybersecurity, risk and privacy best practices on
our platforms to protect our customers, employees and our brand.
Composed of skilled professionals with diverse backgrounds in security
operations, incident response, and cloud security, we work tirelessly to
identify and mitigate threats in a fast-paced environment. Our team
leverages cutting-edge tools and technologies, to safeguard our
infrastructure. We prioritize collaboration across departments,
fostering a culture of security awareness and proactive risk management.

Duties and Responsibilities:

- Lead the SOC 2 Type 1 and Type 2 certification process, including
gap assessments, control implementation, and audit readiness.

- Build and manage an ISMS required for ISO 27001 certification.

- Conduct PCI DSS SAQ-A assessments and guide remediation efforts to
ensure compliance.

- Update security policies and standards to align with security and
privacy mandates & industry best practices.

- Develop and maintain a risk management program, performing regular
risk assessments and tracking remediation efforts.

- Prepare for and coordinate internal and external audits to ensure no
critical findings.

- Implement a vendor risk management process aligned with compliance
requirements.

- Drive security awareness training focused on compliance objectives.

Education and Experience Required:

1. Compliance Frameworks & Certifications

- Strong experience with SOC 2 Type 1 and Type 2, ISO 27001, and PCI
DSS (SAQ-A).

- Familiarity with GDPR, CCPA, and SEC cybersecurity guidance.

- Experience in security maturity assessment using NIST CSF and CIS.

- Experience preparing pre-IPO companies for investor due diligence.

2. Policy Development & Risk Management

- Expertise to develop and update security policies & standards in
line with compliance mandates & industry best practices.

- Expertise in risk assessment frameworks such as NIST 800-30 and
ISO 27005.

- Hands-on experience with internal audits and audit readiness.

3. Cloud Security

- Knowledge of cloud security controls in AWS, Azure, and Google Cloud Platform.

- Ability to map technical controls to compliance requirements.

4. GRC Tools & Automation

- Expertise with GRC automation tools, especially Vanta, to streamline
evidence collection and audit prep.

5. Key Character Traits for Success

- Self-Starter, Can take ownership of the GRC program with minimal
oversight.

- Can effectively translate compliance jargon to non-technical teams.

- Influence, Capable of driving compliance & risk reduction across the
organization

Arena Technical Resources, LLC, (ATR) is an Equal Opportunity Employer
(EOE) who will provide equal employment opportunity to employees and
applicants for employment without regard to race, ethnicity, religion,
color, sex, pregnancy, national origin, age, veteran status, ancestry,
sexual orientation, gender identity or expression, marital status,
family structure, genetic information, or mental or physical disability.