GRC Consultant

Overview

As the Senior Governance, Risk and Compliance (GRC) Consultant, you will serve as a trusted advisor to our clients, providing both tactical and strategic recommendations that align with their business goals and compliance obligations. You will lead the design and implementation of tailored cybersecurity programs that support operational resilience, regulatory readiness, and client trust. This is a high-impact role suited for a professional with deep knowledge of GRC frameworks and exceptional client advisory skills.

• SGRC Advisory & Implementation:
  Lead clients through the planning, design, configuration, and transition phases of governance, risk, and compliance programs, ensuring alignment with business objectives and risk tolerance
• Security Control Assessment:
  Assess technical and procedural security controls to evaluate their maturity, effectiveness, and compliance against industry standards and frameworks such as ISO/IEC 27001, NIST SP 800-53, PCI DSS, COBIT, HIPAA, and NERC CIP
• Privacy Compliance:
  Analyze privacy practices and controls for compliance with regulations such as GDPR, FIPPA, PIPEDA, and PIPA. Recommend improvements to ensure privacy assurance and reduce regulatory risk
• Security Program Development:
  Design and develop client-specific security governance structures, policies, and processes. Build scalable and sustainable information security programs to support client growth and compliance objectives
• Risk-Based Recommendations:
  Provide strategic and tactical security recommendations to help clients optimize budgets while strengthening security posture across operations, systems, and processes
• Client Engagement & Communication:
  Build trusted relationships with client stakeholders. Deliver compelling presentations, reports, and strategic roadmaps tailored to executive and technical audiences
• Internal Process Optimization:
  Contribute to the development and refinement of Mirai’s GRC service delivery methodologies and best practices
• Representation & Thought Leadership:
  Represent Mirai with integrity, professionalism, and subject-matter expertise in both client-facing engagements and the broader industry community

• 5+ years of experience in cybersecurity governance, risk, and compliance roles, preferably in a consulting or client-facing capacity
• Proven expertise with information security standards and frameworks such as ISO/IEC 27001, NIST SP 800-53, COBIT, and PCI DSS
• ISO/IEC 27001 Lead Auditor Certification or certification in PCI DSS, CMMC, and/or FedRAMP would be an asset
• Familiarity with industry-specific compliance challenges across various sectors
• Strong understanding of privacy laws and regulations including GDPR, PIPEDA, and others as applicable
• Demonstrated experience developing security policies, risk management strategies, and governance frameworks
• Ability to perform control assessments and gap analyses with actionable recommendations
• Excellent verbal and written communication skills, including experience working with senior stakeholders
• Strong client presence, professionalism, and stakeholder engagement skills
• Ability to work independently and remotely, while managing multiple client projects
• A positive, can-do, customer-focused attitude