GRC Lead Consultant (Future Head of GRC)
100% Remote Working - US candidates only
Eastern Timezone Working Hours
This is a long-term contract opportunity for a Lead GRC Consultant, but the future plan for this role is for the successful candidate to transition into a permanent role as the Head of GRC.
***US Citizens only - Visas/Sponsorship will not be accepted for this role***
Overview
This role will initially focus on hands-on assessment and advisement for PCI (SAQ-D scope) and SOX controls, with a clear growth path into the Head of GRC position. The ideal candidate will be both a practitioner and strategic leader, capable of maturing the GRC program, enhancing governance practices, and driving automation across compliance processes.
Key Responsibilities
- Lead assessment and advisory efforts for PCI (SAQ-D) and SOX controls.
- Provide strategic direction and hands-on support for a large PCI compliance project covering two major applications.
- Evaluate and strengthen IT and Cyber control effectiveness across multiple business units.
- Develop, document, and maintain IT and Cyber Control Playbooks to standardize control implementation and assessment.
- Align governance and controls to industry-standard frameworks (e.g., NIST, CIS, ISO 27001).
- Support and mature governance functions across risk, compliance, and security domains.
- Lead and mentor a GRC team of 20, evolving processes and structure to support scalability and maturity.
- Identify opportunities to automate compliance and risk management processes to improve efficiency and accuracy.
Qualifications
- Proven experience leading or advising PCI-DSS and SOX programs.
- Deep understanding of risk management, control design, and control testing methodologies.
- Hands-on experience developing IT and Cyber Control Playbooks.
- Familiarity with NIST CSF, CIS Controls, and other recognized frameworks.
- Strong background in governance and compliance program development.
- Demonstrated ability to balance technical depth with leadership and strategic oversight.
- Experience working in or managing large GRC teams.
- Exposure to GRC automation tools (e.g., Archer, ServiceNow GRC, OneTrust, or similar) preferred.