Risk Advisory GRC Consultant - Remote (USA)

Risk Advisory GRC Consultant - Remote (USA)

What You Will Do

• Perform SOC 2 Type I/II readiness assessments and support attestation engagements, including scoping, control evaluation, gap identification, and remediation guidance
• Conduct ISO 27001 gap assessments, internal audits, and certification support engagements for clients across a range of industries and sizes
• Test and evaluate IT General Controls (ITGCs) across client environments, documenting findings and providing actionable remediation recommendations
• Support PCI DSS, HITRUST, HIPAA, and CMMC Level 2 compliance assessments as client workload requires
• Prepare and review audit workpapers, evidence requests, control narratives, and client-facing deliverables to a consistent standard of quality
• Work directly with clients to identify and assess information security risks, develop security policies and procedures, and provide practical remediation guidance
• Contribute to incident response planning, tabletop exercises, and business continuity engagements as part of Echelon's broader advisory portfolio
• Manage multiple concurrent client engagements, balancing priorities and delivering quality results on schedule
• Build strong internal and client relationships through clear written and verbal communication, translating technical findings for both technical and non-technical audiences
• Stay current with evolving compliance frameworks, audit standards, and security threats to strengthen client services and internal methodologies
• Demonstrate thought leadership by creating content for the organization's website and blog, and through involvement in the cybersecurity community Your Knowledge, Skills, and Abilities
• 2-4 years of hands-on experience in IT audit, compliance, or GRC consulting, with a focus on SOC 2 Type I/II audits, ISO 27001 assessments, or related attestation engagements
• Demonstrated understanding of IT General Controls (ITGCs), Trust Services Criteria, and audit standards such as SSAE 18 or ISAE 3402, with additional exposure to incident response planning and business continuity concepts.
• Ability to conduct risk assessments, compliance reviews, and readiness evaluations across frameworks, including SOC 2, ISO 27001, PCI DSS, HITRUST, and HIPAA
• Strong analytical skills with the ability to identify and assess complex risk scenarios and offer practical solutions
• Familiarity with leading GRC tools and technologies to support compliance and risk management initiatives
• Excellent communication and presentation skills, capable of articulating technical concepts to technical and non-technical audiences
• Strong project management skills, including managing multiple engagements and deliverables simultaneously while maintaining high quality and client satisfaction standards
• Prior experience at a Big 4 firm, a mid-tier CPA/advisory firm, or a boutique IT audit/attestation firm is strongly preferred Preferred Qualifications
• Already certified in, or currently pursuing, one or more of the following CISA, CIA, CPA, CISSP, and/or ISO 27001 Lead Auditor
• Experience with the incident response lifecycle
• Experience developing project plans and timelines
• Track record of high-volume SOC 2 or ISO 27001 engagement delivery in a client-facing consulting or attestation role
• Exposure to FedRAMP, CMMC, or other government compliance frameworks We currently offer the following benefits
• Access to medical, dental, and vision insurance through Cigna, with the majority of the employee cost covered by the employer
• Employer funding to HSA accounts and FSA access
• Access to a 401(k) through Vanguard with a guaranteed employer contribution
• Flexible vacation policy that allows you to manage your schedule and rest and recharge when you need to.
• 11 holidays with flexibility based on what is important for you and those you love
• Employer-paid short-term and long-term disability, employer-paid life insurance, and access to additional life insurance, hospital coverage, accidental coverage, discounted mental health support, and more.
• Support for individual development through certifications, continued learning, conferences, and more Apply To this Job Apply To This Job