Executive Advisor, Governance, Risk & Compliance

About Us

We are a premier cybersecurity consultancy, blending advanced offensive and defensive strategies to safeguard our customers.

With a team known for its contributions to cybersecurity research at platforms like Black Hat and DEF CON, we excel at identifying and mitigating sophisticated threats. Large enterprises from a range of industries trust us for advanced adversarial emulation and for critical support in managing their cyber frameworks. Governments trust us with classified projects, relying on our precision and discretion to handle sensitive information securely.

We’re a small group that makes a big impact.

Our deep technical expertise and our commitment to clients continues to fuel our success, and with success comes growth – we’re currently searching for a senior-level GRC Advisor with a strong cybersecurity consulting background…

Role Profile

In this position your mandate is to ensure that our clients meet the stringent cybersecurity standards set by regulatory bodies in their industries and jurisdictions. Working remotely, you’ll advise clients on best practices, develop work plans, harness resources, and ultimately drive engagements to completion.

This is a challenging role, but also an outstanding opportunity to join an accelerating startup in a position that’s crucial to the company’s continued success.

Key Responsibilities

• Provide guidance and support to client organizations throughout their cybersecurity compliance journey, enabling them to build robust security programs.
• Work with clients to design and implement security measures and controls in line with cybersecurity standards, collaborating with clients’ teams to develop and implement the action plans necessary to achieve compliance.
• Clearly articulate the cybersecurity program to client organizations’ employees of all levels to ensure understanding and adherence to cybersecurity best practices.
• Assist organizations with the review and update of existing security policies and procedures to align with evolving requirements and best practices in cybersecurity.
• Prepare detailed reports on the status of an organization’s cybersecurity compliance. Prepare and deliver thoughtful, insightful, and professional presentations to clients and internal Malleum stakeholders.
• Keep abreast of the latest cybersecurity threats and trends, as well as updates to the relevant industry standards such as the CMMC framework.
• Achieve utilization targets, complete projects on time and budget, and meet quality standards.
• Study, learn, test, document, execute and seek to continuously improve scalable consulting services processes to effectively deliver customer engagements while achieving a high level of customer satisfaction.
• Execute project planning, scheduling, and other coordination of internal and client resources to conduct interviews, meetings, and presentations.
• Develop a thorough understanding of our solution and service offerings, sales process, marketing materials, contract and statement of work (SOW) structure, methodologies, delivery standards, work tools, and processes.
• Pursue additional education and stay current on best practices, technical skills, and tools related to the position’s duties.

Candidate Profile

We’re looking for a star.

As an ideal candidate you have a strong record in GRC/cyber consulting and you’re a natural at it: driven, accountable, highly organized, autonomous and analytical, with outstanding communication and interpersonal skills, and the ability to quickly establish your credibility and build trusting relationships with clients.

You thrive under pressure, you learn fast, and ideally you have a thorough understanding of the NIST 800-171, DFARS 252.204-7012, and the Cybersecurity Maturity Model Certification (CMMC) framework.

It is essential that you fulfill the requirements to acquire a SECRET level II security clearance.

Key Qualifications

• Post-secondary education in information technology, computer science, or equivalent combination of education and experience.
• 5+ years of experience in IT security, risk management, or compliance.
• Current certification as a Registered Practitioner Advanced (RPA) or Registered Practitioner (RP) is an asset. The ability to achieve a Registered Practitioner (RP) credential under the CMMC version 2.0 framework is essential.
• Knowledge of the CMMC framework, NIST SP 800-171, and DFARS 252.204-7012 regulations is a significant asset. In-depth knowledge of NIST and at least one other cyber framework is essential.
• Relevant professional certifications such as CISSP, CRISC, CISA, CISM, coupled with advanced knowledge of a range of cybersecurity technologies and solutions.
• Skilled and experienced in managing projects and leading consulting engagements, with a record of delivering exceptional value to clients.
• Superior communication and presentation skills with the ability to explain complex security concepts to non-technical staff.
• Exceptional client-service orientation, with the ability to build trust and develop rapport with a broad range of client stakeholders, including Defense Industrial Base compliance and information system professionals.
• Independent and autonomous, with the drive to seek out and leverage internal resources as needed, and proactively take ownership of their work and career development.
• Excellent analysis and problem-solving skills, especially in the information systems, security, and privacy space.
• Ability to learn new subject matter and context quickly and to maintain market and subject matter awareness.
• Ability to understand SOWs, customer proposals, project notes, deliverables, and final reports; assimilate previous experience, relevant subject matter, data, facts, and results; and develop relevant questions of colleagues to hasten understanding scenarios, methodologies, processes, and “lessons learned.”

Next Steps

If you get what this job is all about, you recognize yourself in the language, and you’re eager to jump onto a fast-moving train, we want to hear from you.