Senior GRC Consultant

Summary

We are seeking a highly experienced Information Security & Compliance Consultant with deep hands-on experience implementing ISO 27001, SOC2, PCI-DSS, and HIPAA for startups and U.S.- based clients. The ideal candidate has independently led end-to-end compliance programs, understands auditor expectations, and can guide technical and non-technical teams through full implementation and audit readiness. Experience with Vanta and Drata is a must. You must operate effectively with minimal supervision, lead teams, interact directly with clients, and support both advisory and audit-prep engagements. Preference will be given to candidates willing to join full time and work in IST or EST time zones. ✅ Key Responsibilities Lead end-to-end implementation of ISO 27001, SOC 2, PCI-DSS, and HIPAA frameworks for startups and SMBs. Act as the primary consultant for clients—owning roadmap creation, gap assessments, and remediation planning. Prepare necessary documentation: policies, procedures, SOPs, risk assessments, evidence collection, and audit artifacts. Guide technical and business teams through compliance activities and remediation work. Conduct internal audits aligned with ISO 27001:2022 and SOC2 Trust Service Criteria. Manage external auditors and ensure clients are fully audit-ready. Lead customer meetings and coordinate deliverables while tracking progress on compliance platforms. Work hands-on with Vanta, Drata, and similar GRC automation tools. Mentor junior team members and ensure quality and consistency across engagements. Maintain strong knowledge of information security best practices, cloud security, and applicable regulatory requirements. ✅ Candidate Requirements ISO 27001 Lead Auditor certification (mandatory). Mandatory experience implementing: ISO 27001, SOC2, PCI-DSS, HIPAA. 3–4+ years hands-on compliance consulting or audit experience. Experience working independently with U.S. clients and startups. Strong knowledge of Vanta and Drata setup, workflows, evidence automation, and integrations. Ability to lead team members and coordinate with stakeholders. Excellent communication and documentation skills. Available for full-time or long-term engagements.