1

Grc Consulting Jobs (NOW HIRING)

Having experience in implementing USER ACCESS REVIEW AUTOMATION in SAP GRC. Must-Haves * Someone ... Consulting backgrounds * Candidates with real project experience Job Nice to Haves: * Experience ...

... Process Consulting, problem definition, Architecture/Design /Detailing of Processes At least 3 years of experience in RSA Archer & SNOW Skills At least 2 years of experience in Development ...

GRC Team Lead CapTech is an award-winning consulting firm that collaborates with clients to achieve what's possible through the power of technology. At CapTech, we're passionate about the work we do ...

Company Description CapTech is an award-winning consulting firm that collaborates with clients to ... The Information Security GRC Team Lead leads CapTech's Governance, Risk, and Compliance (GRC ...

Company Description CapTech is an award-winning consulting firm that collaborates with clients to ... The Information Security GRC Team Lead leads CapTech's Governance, Risk, and Compliance (GRC ...

next page

Showing results 1-20

Grc Consulting information

See salary details

$44

$76

$100

How much do grc consulting jobs pay per hour?

As of Jul 14, 2026, the average hourly pay for grc consulting in the United States is $76.99, according to ZipRecruiter salary data. Most workers in this role earn between $67.55 and $87.98 per hour, depending on experience, location, and employer.

What are the key skills and qualifications needed to thrive as a GRC Consultant, and why are they important?

To thrive as a GRC (Governance, Risk, and Compliance) Consultant, you need a solid understanding of risk management frameworks, regulatory requirements, and audit processes, often supported by a degree in business, information security, or a related field. Familiarity with GRC platforms (such as RSA Archer or ServiceNow), knowledge of ISO 27001/9001, and relevant certifications like CISA, CISM, or CRISC are highly valued. Strong analytical thinking, communication, and stakeholder management skills help you translate complex regulations into actionable business practices. These competencies are vital for ensuring organizations remain compliant, mitigate risks, and maintain operational integrity.

What is the difference between Grc Consulting vs Risk Analyst?

AspectGrc ConsultingRisk Analyst
Required CredentialsCertifications like CISA, CISM, or CRISC often preferredCertifications such as FRM, CRM, or CIA common
Work EnvironmentAdvisory roles, client sites, corporate officesFinancial institutions, corporations, or consulting firms
Employer & Industry UsageConsulting firms, large corporations, government agenciesFinancial services, insurance, banking, corporate sectors

Grc Consulting and Risk Analysts both focus on managing and assessing risks, but Grc Consulting typically involves advising organizations on governance, risk, and compliance strategies across multiple areas, while Risk Analysts primarily analyze specific risks within financial or operational contexts. Grc Consultants often work across various industries and provide strategic guidance, whereas Risk Analysts tend to focus on data analysis and risk measurement within specific sectors.

What are some of the most common challenges faced by GRC consultants when working with clients to implement compliance frameworks?

GRC consultants often encounter challenges such as navigating complex regulatory landscapes, addressing gaps in clients' existing processes, and overcoming resistance to change within organizations. Each client may have unique business processes and risk appetites, requiring tailored solutions and strong communication skills. Additionally, aligning stakeholder interests and ensuring ongoing commitment to compliance initiatives are crucial for successful framework implementation.

What is GRC consulting?

GRC consulting refers to advisory services that help organizations effectively manage Governance, Risk, and Compliance (GRC). GRC consultants assist businesses in aligning their strategies, processes, and technologies to ensure they meet regulatory requirements, mitigate risks, and achieve organizational objectives. These consultants often evaluate existing frameworks, recommend improvements, and help implement tools and policies to create a strong compliance culture. Their expertise spans areas such as data privacy, cybersecurity, internal controls, and corporate governance. Working with a GRC consultant can help organizations reduce risk exposure and improve operational efficiency.
More about Grc Consulting jobs
What cities are hiring for Grc Consulting jobs? Cities with the most Grc Consulting job openings:
What states have the most Grc Consulting jobs? States with the most job openings for Grc Consulting jobs include:
Infographic showing various Grc Consulting job openings in the United States as of July 2026, with employment types broken down into 93% Full Time, 4% Part Time, and 3% Contract. Highlights an 84% Physical, 4% Hybrid, and 12% Remote job distribution, with an average salary of $160,135 per year, or $77 per hour.
Cloud Security GRC Consultant

Cloud Security GRC Consultant

Dark Wolf Solutions

Herndon, VA

$100K - $140K/yr

Full-time, Contractor

Re-posted 21 days ago


Job description

Dark Wolf's Google Cloud Security Governance, Risk, and Compliance (GRC) Consultants are the Subject Matter Experts (SMEs) responsible for applying the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) and related federal security frameworks, such as Federal Risk and Authorization Management Program (FedRAMP), to complex systems hosted on Google Cloud for our federal customers. This high-impact consulting role requires a deep understanding of Google Cloud services and the ability to balance technical security control analysis, strategic risk advising, and the development of comprehensive GRC documentation. The ideal candidate will leverage experience driving systems through the Assessment & Authorization (A&A) lifecycle to achieve an Authorization to Operate (ATO), acting as a crucial liaison between technical teams, security assessors, and Authorizing Officials (AO) to translate complex cloud architecture into verifiable compliance evidence and actionable risk intelligence.

Responsibilities:

  • Working collaboratively within a fast paced Agile team environment
  • Staying up-to-date on the latest Google Cloud services and technologies
  • Implementing security best practices for Google Cloud solutions
  • Serving as the SME for all federal compliance requirements, including FedRAMP, NIST SP 800-53, and agency-specific security overlays
  • Supporting development and implementation of innovative methods to achieve compliance with government and commercial cybersecurity frameworks
  • Conducting detailed technical security control assessments against system components and configurations within the GCP environment, identifying gaps, risks, and recommended mitigations
  • Managing the development, review, and finalization of all RMF artifacts, including but not limited to the System Security Plan (SSP), Security Controls Traceability Matrix (SCTM), and associated policies and procedures
  • Providing security and compliance guidance to cloud architecture and engineering teams to ensure security is built-in (DevSecOps principles) from system design through deployment
  • Utilizing Google Cloud native tools and features to aid in continuous monitoring (ConMon) activities, vulnerability management, and security posture management
  • Serving as the primary liaison with the Authorizing Official (AO), security assessors (e.g., 3PAOs), and federal agency security teams during control assessments and authorization reviews
  • Developing and presenting clear, compelling Plan of Action and Milestones (POA&M) entries, advising leadership on system risks, impact, and mitigation strategies
  • Providing strategic consulting and recommendations to senior management and clients on evolving federal cloud security policy and best practices
  • Training and mentoring junior team members or system owners on RMF processes, documentation standards, and cloud compliance methodology

Required Qualifications:

  • 4+ years of relevant experience
  • Experience as an RMF Consultant, ISSM/ISSO, Security Controls Validator, and/or information assurance engineer
  • Hands-on with eGRC tools like: eMASS, XACTA, RSA Archer, etc.
  • Ability to clearly articulate ideas for executive level consumption
  • Demonstrate the ability to adopt expertise by incorporating new knowledge in real-time to solve client challenges
  • Strong understanding of Google Cloud services and technologies
  • Excellent communication and teamwork skills
  • B.A. or B.S. Information Security, Computer Science, or related discipline
  • US Citizenship and an active Secret Security Clearance

Preferred Qualifications:

  • At least one Google Cloud Professional Certification
  • Experience working within Agile teams
  • Experience working with Google Cloud compliance products such as Security Command Center and Assured Workloads
  • Experience working with customers in the U.S. Public Sector
  • U.S. Federal Government security clearance
  • Experience with DoD/DISA cybersecurity policies

This position will be a hybrid role based out of multiple hubs including: Herndon, VA, Tampa, FL, Huntsville, AL, Colorado Springs, CO, Ogden, UT, and Omaha, NE.

The salary range for this position is estimated to be between $100,000.00 - $140,000.00, commensurate on experience and technical skillset.

We are proud to be an EEO/AA employer Minorities/Women/Veterans/Disabled and other protected categories.

In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification form upon hire.

We are strictly looking for direct, full-time W2 employees. We do not engage with third-party staffing agencies, C2C, or 1099 independent contractors for this role.