World Wide Technology

Senior Security Solutions Consultant - Cyber Risk and Strategy

$146K — $185K *
US-Anywhere
Remote in United States
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • 4-8 years of cybersecurity, IT risk, or compliance experience focusing on Governance, Risk, and Compliance (GRC).
  • Hands-on experience in at least two GRC domains: risk management, compliance program management, policy governance, or third-party risk.
  • Familiarity with leading GRC platforms such as ServiceNow, Archer, or OneTrust, including configuration and reporting.
  • Solid understanding of GRC frameworks like NIST CSF, ISO standards, and SOC 2 Trust Services.
  • Proven consulting skills including structured discovery, gap analysis, and technical communication.

Responsibilities

  • Lead assigned components in GRC engagements to ensure high-quality outcomes.
  • Conduct comprehensive assessments including risk evaluation and compliance gap analysis.
  • Produce client-ready deliverables, such as risk registers and maturity scorecards, meeting professional standards.
  • Facilitate workshops and stakeholder interviews to synthesize GRC findings effectively.
  • Support pre-sales activities by contributing to scope and proposals for potential engagements.

Benefits

  • Comprehensive health, dental, and vision insurance with onsite wellness programs.
  • Financial benefits including profit sharing, 401k with matching, and tuition reimbursement.
  • Generous paid time off starting at 20 days per year, including parental and military leave.
  • Additional perks like pet insurance and employee discounts.
Full Job Description
Qualifications:

Required
  • 4-8 years of experience in cybersecurity, IT risk, or compliance with a clear focus on GRC; must include hands-on experience with at least two GRC domains (risk management, compliance program management, policy governance, or third-party risk)
  • Hands-on experience across GRC domains and platforms, including one or more of:
    • Risk Management - enterprise and IT risk assessments, risk register development, risk quantification (FAIR or qualitative), risk treatment planning, and KRI design
    • Compliance Program Management - regulatory gap assessments, controls mapping, audit readiness, evidence collection workflows, and remediation tracking against frameworks such as SOC 2, ISO 27001, FedRAMP, HIPAA, PCI DSS, DORA, or SOX ITGC
    • Policy & Control Governance - policy development and review cycles, control framework design (NIST, CIS, ISO), control testing methodology, and policy exception management
    • Third-Party & Vendor Risk - vendor risk tiering, assessment questionnaire management, contractual control review, and ongoing monitoring program design
    • GRC Platforms - ServiceNow GRC, Archer, OneTrust, Vanta, Drata, or equivalent: workflow configuration, risk and compliance module setup, or reporting and dashboard design
  • Working knowledge of GRC and security frameworks: NIST CSF 2.0, NIST SP 800-53, NIST RMF, ISO 27001/27002, CIS Controls v8, SOC 2 Trust Services Criteria, COBIT, PCI DSS v4, HIPAA Security Rule, SOX ITGC, FedRAMP, and DORA
  • Understanding of core GRC concepts: risk appetite and tolerance, control design vs. control effectiveness, separation of duties, three lines of defense, audit lifecycle, regulatory change management, and data privacy principles

Demonstrated consulting delivery competencies, including:
  • Structured discovery: ability to conduct current-state discovery interviews, gather documentation and evidence, manage information collection across workstreams, and synthesize findings into clear, structured outputs
  • Gap analysis: experience assessing GRC program maturity against frameworks, documenting control gaps, and prioritizing findings by risk and business impact
  • Technical communication: ability to translate risk and compliance findings into clear written deliverables and verbal summaries for technical and working-level client audiences
  • Workshop facilitation: participate in and contribute to discovery sessions, risk workshops, and working-group meetings; begin developing the ability to facilitate independently
  • Deliverable quality: consistent track record of producing accurate, well-structured client deliverables, assessment reports, risk registers, gap analyses, and roadmap presentations, on time and to standard
  • Engagement collaboration: work effectively within project teams; communicate status, risks, and issues proactively to the engagement lead; adapt to shifting priorities and client needs

Preferred
  • Bachelor's degree in Information Security, Risk Management, Business, or a related field
  • Industry certifications demonstrating GRC knowledge: CISSP, CISM, CISA, CRISC, CGEIT, GRCP, Security+, or equivalent; platform certifications from ServiceNow, OneTrust, or Archer are a strong plus
  • Experience in enterprise environments across financial services, healthcare, retail, manufacturing, or public sector, particularly where compliance intersects with regulatory scrutiny (SOX, HIPAA, PCI DSS, DORA, FedRAMP)
  • Prior consulting experience at a professional services firm, systems integrator, or equivalent client-facing advisory role
  • Familiarity with pre-sales processes: SOW development, effort estimation, or proposal support

Key Competencies
  • GRC domain depth and hands-on program execution
  • Delivery quality and individual accountability
  • Clear technical communication, written and verbal
  • Collaborative team contributor with a growth orientation

Success in this role means executing GRC deliverables with high quality and growing independence, building credibility with client teams through consistent performance, expanding domain depth and consulting skills, and contributing to a practice that clients trust and return to while building toward the skills and experience required to step into a Lead Consultant role.

Want to learn more about Consulting & Security Services? Check us out on our platform:

https://www.wwt.com/consulting-services

https://www.wwt.com/category/security-transformation

Certain states and localities require employers to post a reasonable estimate of salary range. A reasonable estimate of the current base pay range for this position is $146,500 to $185,000 annually. Actual salary will be based on a variety of factors, including shift, location, experience, skill set, performance, licensure and certification, and business needs. The range for this position in other geographic locations may differ. Certain positions may also be eligible for variable incentive compensation, such as bonuses or commissions, that is not included in the base pay.

The well-being of WWT employees is essential. So, when it comes to our benefits package, WWT has one of the best. We offer the following benefits to all full-time employees:
  • Health and Wellbeing: Health, Dental, and Vision Care, Onsite Health Centers, Employee Assistance Program, Wellness program
  • Financial Benefits: Competitive pay, Profit Sharing, 401k Plan with Company Matching, Life and Disability Insurance, Tuition Reimbursement
  • Paid Time Off: PTO and Sick Leave (starting at 20 days per year) & Holidays (10 per year), Parental Leave, Military Leave, Bereavement
  • Additional Perks: Nursing Mothers Benefits, Voluntary Legal, Pet Insurance, Employee Discount Program

We strive to create an environment where all employees are empowered to succeed based on their skills, performance, and dedication. Our goal is to cultivate a culture of belonging that encourages innovation, collaboration, and respect for all team members, ensuring that WWT remains a great place to work for All!



Position Overview:

The Senior Cyber Risk and Strategy Consultant is a skilled individual contributor who owns defined delivery tasks and workstream components within WWT's Governance, Risk, Strategy and Compliance practice. Positioned below the Lead Consultant, the Senior Consultant brings hands-on depth across GRC domains, executes high-quality client deliverables with growing independence, and begins developing trusted client relationships at the working level.

The Senior Consultant is the engine of GRC delivery, leading risk assessments, facilitating compliance gap analyses, supporting policy and control design, and producing the analytical outputs that underpin client recommendations. They work under the direction of a Lead Consultant, Principal or Senior Manager, and are expected to grow steadily toward owning full workstreams and contributing to pre-sales activities.

Essential Functions:

Engagement Delivery
  • Execute assigned delivery tasks and workstream components within GRC engagements with accountability for quality, accuracy, and on-time completion
  • Lead technical components of GRC assessments: conduct current-state discovery, perform control environment reviews, document findings, and score maturity against defined frameworks with guidance from the engagement lead
  • Perform hands-on GRC work: risk register development, control mapping and gap analysis, policy review and drafting, compliance readiness assessments, and third-party risk evaluation
  • Produce client-ready deliverables - assessment findings, risk registers, control gap registers, maturity scorecards, roadmap inputs, and executive summaries - that meet WWT's professional services quality standards
  • Facilitate discovery sessions, stakeholder interviews, and working-level workshops; synthesize findings into structured outputs for Lead Consultant review
  • Support strategy and program design activities: document current-state compliance posture, identify gaps and risks, and contribute to future-state program recommendations under direction of the Lead Consultant or Senior Manager

Client Engagement
  • Build working-level relationships with client technical teams, compliance officers, and project stakeholders; establish credibility as a reliable, knowledgeable GRC resource throughout the engagement
  • Communicate findings clearly and accurately to client counterparts; begin developing the ability to present findings to project sponsors and working-group leadership
  • Contribute to client status reporting, meeting facilitation, and action item tracking under the direction of the engagement lead

Pursuit & Practice Support
  • Support pre-sales and pursuit activities: contribute to SOW scoping, effort estimation, and proposal content under the direction of the Lead Consultant or Senior Manager
  • Contribute to practice development through reusable delivery assets, assessment templates, control libraries, and technical write-ups
  • Begin developing commercial awareness: understand engagement economics, utilization expectations, and how delivery quality connects to client satisfaction and account growth

Growth & Development
  • Actively build depth across GRC domains and regulatory frameworks through project work, certifications, and self-directed learning
  • Seek and apply feedback from Lead Consultants and Senior Managers; demonstrate consistent growth in delivery independence, communication quality, and domain breadth
  • Begin supporting and coaching more junior colleagues on technical tasks and WWT delivery standards

About World Wide Technology

World Wide Technology (WWT) is a technology solution provider that offers a wide range of services to businesses and organizations. The company was founded in 1990 and is headquartered in Maryland Heights, Missouri. WWT provides a variety of services, including consulting, design, integration, and managed services. The company has a strong focus on innovation and has been recognized for its efforts in this area. WWT has partnerships with many leading technology companies, including Cisco, Dell, and Microsoft. The company has a global presence, with offices in the United States, Europe, and Asia.
Size: 7,000 employees
Founded: 1990
