GRC Auditor
Listed on 2026-04-23
IT/Tech
Cybersecurity, Data Security, Information Security, IT Business Analyst
Submit your application and resume through our online form. We'll review your qualifications and get back to you soon.
Silpa Companies, LLC is a national IT consulting and staffing firm empowering organizations across multiple industries through a blend of AI adoption, Master Data Management, Data & Analytics, Cybersecurity, Cloud Engineering, DevSecOps/GitOps, Fractional C-Suite leadership, Digital Transformation, and M&A advisory for private equity and software ventures.
Role Description
Silpa Secure is seeking a skilled GRC Auditor for project-based contract engagements supporting our clients across governance, risk, and compliance programs. You will assess clients against industry frameworks, evaluate control environments, identify compliance gaps, and produce actionable audit findings and remediation roadmaps. This role is designed for a compliance and risk practitioner who works well independently, communicates clearly with leadership stakeholders, and delivers structured, client-ready documentation.
Engagements may span SOC 2, ISO 27001, NIST CSF, HIPAA, CMMC, PCI DSS, and other regulatory or framework-specific assessments.
- Conduct GRC assessments and audits against frameworks including SOC 2, ISO 27001, NIST CSF/800-53, HIPAA, CMMC, PCI DSS, and/or state/federal regulatory requirements.
- Review policies, procedures, and control documentation to evaluate design and operational effectiveness.
- Interview client personnel, collect evidence, and assess control maturity across security, privacy, and operational domains.
- Identify compliance gaps, document findings, assign risk ratings, and develop prioritized remediation roadmaps.
- Produce high-quality audit reports and executive summaries tailored for CISO, CIO, and Board-level stakeholders.
- Support clients through pre-audit readiness assessments and third-party audit preparation.
- Collaborate with Silpa project leads to define engagement scope, timelines, and deliverable formats.
- Advise clients on risk treatment options and the business impact of identified compliance gaps.
- Demonstrated experience conducting GRC assessments, internal audits, or third-party compliance reviews.
- Deep working knowledge of two or more of the following: SOC 2, ISO 27001, NIST CSF, NIST 800-53, HIPAA, CMMC, PCI DSS, or FedRAMP.
- Strong ability to review and evaluate policies, controls, and evidence in an auditor capacity.
- Skilled at producing structured audit documentation including findings registers, gap analyses, and executive reports.
- Effective communicator capable of engaging directly with client CISOs, compliance officers, and risk leadership.
- Self-directed with the ability to manage audit workflows, evidence requests, and client coordination independently.
- Familiarity with GRC tools and platforms (OneTrust, ServiceNow GRC, Drata, Vanta, Archer) is a plus.
- Authorized to work in the U.S.
- Candidates located in the Houston, Texas area will be given preference; however, remote practitioners will also be considered.
- Reliable internet connection and ability to travel to client sites when required by engagement scope.
- Available to begin engagements within a standard mobilization window and responsive during project duration.
Silpa Secure's GRC practice works with clients across healthcare, financial services, energy, and technology sectors who are navigating real regulatory obligations and security maturity goals. As a contract GRC Auditor in our network, you will engage with executive-level stakeholders whose organizations take compliance seriously. Your recommendations will directly influence security investment decisions and audit outcomes. We prioritize long-term practitioner relationships. Contractors who deliver quality work become our first call for follow-on and expanded engagements.