
Senior Security Solutions Consultant - Cyber Risk and Strategy
Job Description
Qualifications:
Required
- 4–8 years of experience in cybersecurity, IT risk, or compliance with a clear focus on GRC; must include hands-on experience with at least two GRC domains (risk management, compliance program management, policy governance, or third-party risk)
- Hands-on experience across GRC domains and platforms, including one or more of:
  - Risk Management — enterprise and IT risk assessments, risk register development, risk quantification (FAIR or qualitative), risk treatment planning, and KRI design
  - Compliance Program Management — regulatory gap assessments, controls mapping, audit readiness, evidence collection workflows, and remediation tracking against frameworks such as SOC 2, ISO 27001, FedRAMP, HIPAA, PCI DSS, DORA, or SOX ITGC
  - Policy & Control Governance — policy development and review cycles, control framework design (NIST, CIS, ISO), control testing methodology, and policy exception management
  - Third-Party & Vendor Risk — vendor risk tiering, assessment questionnaire management, contractual control review, and ongoing monitoring program design
  - GRC Platforms — ServiceNow GRC, Archer, OneTrust, Vanta, Drata, or equivalent: workflow configuration, risk and compliance module setup, or reporting and dashboard design
- Working knowledge of GRC and security frameworks: NIST CSF 2.0, NIST SP 800-53, NIST RMF, ISO 27001/27002, CIS Controls v8, SOC 2 Trust Services Criteria, COBIT, PCI DSS v4, HIPAA Security Rule, SOX ITGC, FedRAMP, and DORA
- Understanding of core GRC concepts: risk appetite and tolerance, control design vs. control effectiveness, separation of duties, three lines of defense, audit lifecycle, regulatory change management, and data privacy principles
Demonstrated consulting delivery competencies, including:
- Structured discovery: ability to conduct current-state discovery interviews, gather documentation and evidence, manage information collection across workstreams, and synthesize findings into clear, structured outputs
- Gap analysis: experience assessing GRC program maturity against frameworks, documenting control gaps, and prioritizing findings by risk and business impact
- Technical communication: ability to translate risk and compliance findings into clear written deliverables and verbal summaries for technical and working-level client audiences
- Workshop facilitation: participate in and contribute to discovery sessions, risk workshops, and working-group meetings; begin developing the ability to facilitate independently
- Deliverable quality: consistent track record of producing accurate, well-structured client deliverables, assessment reports, risk registers, gap analyses, and roadmap presentations, on time and to standard
- Engagement collaboration: work effectively within project teams; communicate status, risks, and issues proactively to the engagement lead; adapt to shifting priorities and client needs
Preferred
- Bachelor’s degree in Information Security, Risk Management, Business, or a related field
- Industry certifications demonstrating GRC knowledge: CISSP, CISM, CISA, CRISC, CGEIT, GRCP, Security+, or equivalent; platform certifications from ServiceNow, OneTrust, or Archer are a strong plus
- Experience in enterprise environments across financial services, healthcare, retail, manufacturing, or public sector, particularly where compliance intersects with regulatory scrutiny (SOX, HIPAA, PCI DSS, DORA, FedRAMP)
- Prior consulting experience at a professional services firm, systems integrator, or equivalent client-facing advisory role
- Familiarity with pre-sales processes: SOW development, effort estimation, or proposal support
Key Competencies
- GRC domain depth and hands-on program execution
- Delivery quality and individual accountability
- Clear technical communication, written and verbal
- Collaborative team contributor with a growth orientation
Success in this role means executing GRC deliverables with high quality and growing independence, building credibility with client teams through consistent performance, expanding domain depth and consulting skills, and contributing to a practice that clients trust and return to while building toward the skills and experience required to step into a Lead Consultant role.
Want to learn more about Consulting & Security Services? Check us out on our platform:
https://www.wwt.com/consulting-services
https://www.wwt.com/category/security-transformation
Certain states and localities require employers to post a reasonable estimate of salary range. A reasonable estimate of the current base pay range for this position is $146,500 to $185,000 annually. Actual salary will be based on a variety of factors, including shift, location, experience, skill set, performance, licensure and certification, and business needs. The range for this position in other geographic locations may differ. Certain positions may also be eligible for variable incentive compensation, such as bonuses or commissions, that is not included in the base pay.
The well-being of WWT employees is essential. So, when it comes to our benefits package, WWT has one of the best. We offer the following benefits to all full-time employees:
- Health and Wellbeing: Health, Dental, and Vision Care, Onsite Health Centers, Employee Assistance Program, Wellness program
- Financial Benefits: Competitive pay, Profit Sharing, 401k Plan with Company Matching, Life and Disability Insurance, Tuition Reimbursement
- Paid Time Off: PTO and Sick Leave (starting at 20 days per year) & Holidays (10 per year), Parental Leave, Military Leave, Bereavement
- Additional Perks: Nursing Mothers Benefits, Voluntary Legal, Pet Insurance, Employee Discount Program
We strive to create an environment where all employees are empowered to succeed based on their skills, performance, and dedication. Our goal is to cultivate a culture of belonging that encourages innovation, collaboration, and respect for all team members, ensuring that WWT remains a great place to work for All!
If you have any questions or concerns about this posting, please email [email protected].