Risk Consultant - Prevalent - Third-Party Risk Management
  • Ottawa, Ottawa region, Canada
  • via Adzuna
Job Description

GRC Risk/Information Security Consultant

Prevalent is a leading provider of comprehensive third-party risk management solutions, dedicated to helping organizations navigate complex regulatory landscapes and protect their information assets. Our team of experts specializes in implementing and managing risk frameworks that meet the highest industry standards.

We are seeking a highly skilled Risk Consultant with extensive experience in ISO 27001, NIST, SOC 2, and related risk frameworks. The ideal candidate will have a strong background in information security, risk assessment, and compliance, and will be responsible for advising clients on best practices to mitigate risk and maintain compliance with the relevant standards. This position is primarily remote, with occasional requirements to work out of our Ottawa office or to visit customer sites.

Job Responsibilities
  • Conduct comprehensive risk assessments and gap analyses against ISO 27001, NIST, SOC 2, and other relevant frameworks.
  • Develop, implement, and maintain information security management systems (ISMS) in accordance with ISO 27001 in order to maintain ISO 27001 certification.
  • Provide guidance on the implementation of NIST frameworks and control catalogs (CSF, SP 800-53, etc.), the SOC 2 Trust Services Criteria, SOC 1, HITRUST, and Environmental, Social and Governance (ESG) requirements.
  • Perform security and risk audits and reviews to confirm compliance with regulatory requirements and industry standards.
  • Create executive-level and contextual risk reports covering clients' third parties.
  • Create content for framework-related assessment surveys, including frameworks for information security, ESG, and financial and business risk.
  • Develop risk management strategies, policies, and procedures tailored to each client's specific needs.
  • Monitor and report on the status of information security controls and risk mitigation activities.
  • Stay up to date with the latest industry trends, threats, and technologies in order to provide expert advice to clients.
  • Collaborate with cross-functional teams to integrate risk management processes into business operations.

Required Background & Experience
  • Professional certifications such as CISSP, CISM, CRISC, or similar are highly desirable.
  • Minimum of 5 years of experience in risk management, information security, or compliance consulting.
  • In-depth knowledge of ISO 27001, NIST CSF, NIST SP 800-53, SOC 2, and other relevant frameworks and standards.
  • Proven experience in developing and implementing an ISMS and cybersecurity frameworks.
  • Strong analytical, problem-solving, and decision-making skills.
  • Excellent communication and presentation skills, with the ability to explain complex concepts to non-technical stakeholders.
  • Ability to manage multiple projects and meet deadlines in a fast-paced environment.
  • High level of integrity, professionalism, and attention to detail.
  • Bachelor's degree in Information Security, Computer Science, or a related field.
