Why Work Here?
MorganFranklin Consulting is a management advisory firm that works with leading businesses and government to address complex and transformational finance, technology, Cybersecurity, and business objectives. MorganFranklin's Cybersecurity practice helps clients across the globe to solve their most critical Cybersecurity needs. From consulting and implementation to managed services and project resourcing, we work to safeguard assets by identifying risks, developing and maturing Cybersecurity programs, and implementing solutions that support and meet business goals. Custom-tailored and business-aligned service offerings include:
Strategy and GRC
Cybersecurity Operations
Identity & Access Management
Incident Response & Risk Intelligence
Application Security
Managed Security Services Provider
Position Overview
The GRC Consultant will play a critical role in delivering Governance, Risk Management, and Compliance (GRC) engagements for MorganFranklin's clients. This position is responsible for assessing, enhancing, developing, and implementing processes and technologies that support clients' strategic and operational objectives. The role involves a blend of strategic program-level activities and tactical program execution, enabling clients to establish resilient and effective GRC programs. This position supports MorganFranklin Cybersecurity's full suite of GRC services, helping clients navigate and meet complex regulatory, operational, and cybersecurity challenges.
Key Responsibilities
Governance:
Provide input regarding development and enhancements to governance frameworks through policy development, procedures, assessments, monitoring, reporting, and education and awareness programs.
Assist with development of thought leadership on best practices in governance tailored to industry-specific requirements.
Risk Management:
Support the design and execution of enterprise risk management frameworks, enabling clients to identify, assess, mitigate, and monitor cybersecurity risks effectively.
Perform risk analyses, develop mitigation strategies, and implement risk controls aligned with leading frameworks.
Compliance:
Support compliance assessments and assist with defining actionable recommendations to enhance maturity and reduce compliance risks.
Define and manage compliance objectives by developing and enhancing processes to meet internal policies, regulatory requirements, and industry best practices (e.g., NIST, PCI-DSS, HIPAA).
Collaboration & Delivery:
Work closely with project teams and client stakeholders to achieve engagement goals and objectives.
Provide high-quality documentation, reporting, and presentations tailored to client needs.
Requirements
Experience:
2-5 years of experience supporting cybersecurity initiatives with application of frameworks and standards.
Education & Certifications:
Bachelor's degree, preferably in Information Technology or Information Security, or equivalent specialized practical experience and certifications (e.g., CISSP, CISM, CISA, CRISC).
Knowledge & Skills:
In-depth knowledge of regulatory standards (e.g., HIPAA, PCI-DSS, CMMC).
Familiarity with industry frameworks and standards, such as NIST CSF, ISO 27001, SOC 2, and COBIT.
Expertise in using the Microsoft Office suite of products (Excel, Word, and PowerPoint).