Qualifications:
Required
- 4-8 years of experience in cybersecurity, IT risk, or compliance with a clear focus on GRC; must include hands-on experience with at least two GRC domains (risk management, compliance program management, policy governance, or third-party risk)
- Hands-on experience across GRC domains and platforms, including one or more of:
- Risk Management - enterprise and IT risk assessments, risk register development, risk quantification (FAIR or qualitative), risk treatment planning, and KRI design
- Compliance Program Management - regulatory gap assessments, controls mapping, audit readiness, evidence collection workflows, and remediation tracking against frameworks such as SOC 2, ISO 27001, FedRAMP, HIPAA, PCI DSS, DORA, or SOX ITGC
- Policy & Control Governance - policy development and review cycles, control framework design (NIST, CIS, ISO), control testing methodology, and policy exception management
- Third-Party & Vendor Risk - vendor risk tiering, assessment questionnaire management, contractual control review, and ongoing monitoring program design
- GRC Platforms - ServiceNow GRC, Archer, OneTrust, Vanta, Drata, or equivalent: workflow configuration, risk and compliance module setup, or reporting and dashboard design
- Working knowledge of GRC and security frameworks: NIST CSF 2.0, NIST SP 800-53, NIST RMF, ISO 27001/27002, CIS Controls v8, SOC 2 Trust Services Criteria, COBIT, PCI DSS v4, HIPAA Security Rule, SOX ITGC, FedRAMP, and DORA
- Understanding of core GRC concepts: risk appetite and tolerance, control design vs. control effectiveness, separation of duties, three lines of defense, audit lifecycle, regulatory change management, and data privacy principles
Demonstrated consulting delivery competencies, including:
- Structured discovery: ability to conduct current-state discovery interviews, gather documentation and evidence, manage information collection across workstreams, and synthesize findings into clear, structured outputs
- Gap analysis: experience assessing GRC program maturity against frameworks, documenting control gaps, and prioritizing findings by risk and business impact
- Technical communication: ability to translate risk and compliance findings into clear written deliverables and verbal summaries for technical and working-level client audiences
- Workshop facilitation: participate in and contribute to discovery sessions, risk workshops, and working-group meetings; begin developing the ability to facilitate independently
- Deliverable quality: consistent track record of producing accurate, well-structured client deliverables, assessment reports, risk registers, gap analyses, and roadmap presentations, on time and to standard
- Engagement collaboration: work effectively within project teams; communicate status, risks, and issues proactively to the engagement lead; adapt to shifting priorities and client needs
Preferred
- Bachelor's degree in Information Security, Risk Management, Business, or a related field
- Industry certifications demonstrating GRC knowledge: CISSP, CISM, CISA, CRISC, CGEIT, GRCP, Security+, or equivalent; platform certifications from ServiceNow, OneTrust, or Archer are a strong plus
- Experience in enterprise environments across financial services, healthcare, retail, manufacturing, or public sector, particularly where compliance intersects with regulatory scrutiny (SOX, HIPAA, PCI DSS, DORA, FedRAMP)
- Prior consulting experience at a professional services firm, systems integrator, or equivalent client-facing advisory role
- Familiarity with pre-sales processes: SOW development, effort estimation, or proposal support
Key Competencies
- GRC domain depth and hands-on program execution
- Delivery quality and individual accountability
- Clear technical communication, written and verbal
- Collaborative team contributor with a growth orientation
Success in this role means executing GRC deliverables with high quality and growing independence, building credibility with client teams through consistent performance, expanding domain depth and consulting skills, and contributing to a practice that clients trust and return to while building toward the skills and experience required to step into a Lead Consultant role
Want to learn more about Consulting & Security Services? Check us out on our platform: https://www.wwt.com/consulting-services
https://www.wwt.com/category/security-transformation
Certain states and localities require employers to post a reasonable estimate of salary range. A reasonable estimate of the current base pay range for this position is $146,500 to $185,000 annually. Actual salary will be based on a variety of factors, including shift, location, experience, skill set, performance, licensure and certification, and business needs. The range for this position in other geographic locations may differ. Certain positions may also be eligible for variable incentive compensation, such as bonuses or commissions, that is not included in the base pay.
The well-being of WWT employees is essential. So, when it comes to our benefits package, WWT has one of the best. We offer the following benefits to all full-time employees:
- Health and Wellbeing: Health, Dental, and Vision Care, Onsite Health Centers, Employee Assistance Program, Wellness program
- Financial Benefits: Competitive pay, Profit Sharing, 401k Plan with Company Matching, Life and Disability Insurance, Tuition Reimbursement
- Paid Time Off: PTO and Sick Leave (starting at 20 days per year) & Holidays (10 per year), Parental Leave, Military Leave, Bereavement
- Additional Perks: Nursing Mothers Benefits, Voluntary Legal, Pet Insurance, Employee Discount Program
We strive to create an environment where all employees are empowered to succeed based on their skills, performance, and dedication. Our goal is to cultivate a culture of belonging that encourages innovation, collaboration, and respect for all team members, ensuring that WWT remains a great place to work for All!
Position Overview:
The Senior Cyber Risk and Strategy Consultant is a skilled individual contributor who owns defined delivery tasks and workstream components within WWT's Governance, Risk, Strategy and Compliance practice. Positioned below the Lead Consultant, the Senior Consultant brings hands-on depth across GRC domains, executes high-quality client deliverables with growing independence, and begins developing trusted client relationships at the working level.
The Senior Consultant is the engine of GRC delivery, leading risk assessments, facilitating compliance gap analyses, supporting policy and control design, and producing the analytical outputs that underpin client recommendations. They work under the direction of a Lead Consultant, Principal or Senior Manager, and are expected to grow steadily toward owning full workstreams and contributing to pre-sales activities.
Essential Functions:
Engagement Delivery
- Execute assigned delivery tasks and workstream components within GRC engagements with accountability for quality, accuracy, and on-time completion
- Lead technical components of GRC assessments: conduct current-state discovery, perform control environment reviews, document findings, and score maturity against defined frameworks with guidance from the engagement lead
- Perform hands-on GRC work: risk register development, control mapping and gap analysis, policy review and drafting, compliance readiness assessments, and third-party risk evaluation
- Produce client-ready deliverables - assessment findings, risk registers, control gap registers, maturity scorecards, roadmap inputs, and executive summaries - that meet WWT's professional services quality standards
- Facilitate discovery sessions, stakeholder interviews, and working-level workshops; synthesize findings into structured outputs for Lead Consultant review
- Support strategy and program design activities: document current-state compliance posture, identify gaps and risks, and contribute to future-state program recommendations under direction of the Lead Consultant or Senior Manager
Client Engagement
- Build working-level relationships with client technical teams, compliance officers, and project stakeholders; establish credibility as a reliable, knowledgeable GRC resource throughout the engagement
- Communicate findings clearly and accurately to client counterparts; begin developing the ability to present findings to project sponsors and working-group leadership
- Contribute to client status reporting, meeting facilitation, and action item tracking under the direction of the engagement lead
Pursuit & Practice Support
- Support pre-sales and pursuit activities: contribute to SOW scoping, effort estimation, and proposal content under the direction of the Lead Consultant or Senior Manager
- Contribute to practice development through reusable delivery assets, assessment templates, control libraries, and technical write-ups
- Begin developing commercial awareness: understand engagement economics, utilization expectations, and how delivery quality connects to client satisfaction and account growth
Growth & Development
- Actively build depth across GRC domains and regulatory frameworks through project work, certifications, and self-directed learning
- Seek and apply feedback from Lead Consultants and Senior Managers; demonstrate consistent growth in delivery independence, communication quality, and domain breadth
- Begin supporting and coaching more junior colleagues on technical tasks and WWT delivery standards