Overview
The GRC & Cybersecurity Consultant at Elastify plays a critical role in helping Elastify’s customers strengthen their security posture, meet regulatory obligations, and manage their cyber risk effectively. This role blends strategic advisory work with hands‑on implementation, guiding clients through the design, assessment, and enhancement of cybersecurity and compliance programs.
Key Responsibilities
Governance & Strategy
- Execute tasks under the supervision of the Manager, Lead Consultant, or Senior Consultants (leadership).
- Develop, refine, and assist with the implementation of cybersecurity governance frameworks aligned with industry standards (e.g., NIST CSF, CIS Controls, SOC 2, ISO 27001).
- Support clients in establishing cybersecurity policies, standards, and procedures.
- Facilitate cybersecurity maturity assessments and develop improvement roadmaps.
- Ensure ongoing operational compliance support for assigned Compliance-as-a-Service (CaaS) customers.
Risk Management
- Conduct enterprise and IT risk assessments, including, as required, threat modelling and control gap analysis.
- Identify, evaluate, and prioritize cybersecurity risks across people, processes, and technology.
- Recommend risk treatment strategies and support clients in implementing mitigation plans.
- Assist in developing and maintaining risk registers and risk reporting dashboards.
Compliance & Audit Support
- Conduct readiness assessments and internal audits to prepare clients for external certifications or regulatory reviews.
- Support evidence collection, control testing, and remediation activities.
- Deliver clear, concise reports, presentations, and recommendations tailored to business and technical audiences.
- Facilitate workshops and client training sessions.
Qualifications
Education & Experience
- Degree in cybersecurity, information systems, computer science, or a related field (or equivalent experience).
- 1–3+ years of experience in cybersecurity, GRC, IT audit, or risk management consulting.
- Experience working with recognized frameworks such as NIST CSF, CIS Controls, ISO 27001, SOC 2, or COBIT.
Skills & Competencies
- Understanding of cybersecurity principles, controls, and threat landscapes.
- Excellent analytical, problem‑solving, and communication skills.
- Ability to manage multiple engagements and deliver high‑quality work under deadlines.
- Proactive, detail‑oriented, and highly organized.
- Comfortable working independently or as part of a collaborative consulting team.
- Client‑focused mindset with a commitment to delivering value.