Senior Associate Consultant - Regulatory Compliance

AHEAD builds platforms for digital business. By weaving together advances in cloud infrastructure, automation and analytics, and software delivery, we help enterprises deliver on the promise of digital transformation.

At AHEAD, we prioritize creating a culture of belonging, where all perspectives and voices are represented, valued, respected, and heard. We create spaces to empower everyone to speak up, make change, and drive the culture at AHEAD.

We are an equal opportunity employer, and do not discriminate based on an individual's race, national origin, color, gender, gender identity, gender expression, sexual orientation, religion, age, disability, marital status, or any other protected characteristic under applicable law, whether actual or perceived.

We embrace all candidates that will contribute to the diversification and enrichment of ideas and perspectives at AHEAD.

We are seeking a Consultant specializing in Security Governance, Risk, and Compliance (GRC) with a strong focus on security compliance assessments, particularly against NIST frameworks. This role requires a combination of security and consulting subject matter expertise, and client-facing communication skills to deliver high-quality solutions tailored to each client’s unique security and compliance needs.

The ideal candidate will be proactive, detail-oriented, and capable of independently driving workstreams while contributing to the broader success of client engagements. This is a challenging yet rewarding role that provides an opportunity to work with diverse set of clients across multiple industries.

Security Compliance Specifics :
• Apply compliance frameworks (e.g., NIST, ISO, etc.) to assess, design, and implement security controls for enterprise environments.

• Conduct compliance gap assessments, develop remediation plans, and guide clients through audit readiness processes.

• Create and maintain key documentation such as risk assessments, controls mapping, compliance roadmaps, and policies tailored to client needs.

• Ensure alignment with regulatory requirements and standards, such as NIST, CMMC, ISO 27001, or SOC 2, based on the engagement scope.

• Stay informed of evolving compliance frameworks, regulatory changes, and security best practices to provide clients with up-to-date and actionable recommendations.

• Support clients in developing and maturing their GRC programs, with an emphasis on measurable security improvement and compliance sustainability.

Client Delivery :
• Manage and run defined workstreams with minimal oversight, ensuring continuity and success across client engagements.

• Maintain workstream RAID documentation (Risks, Assumptions, Issues, Dependencies) and proactively mitigate risks to keep projects on track.

• Communicate project status, risks, and decisions clearly and effectively to clients, ensuring transparency and alignment.

• Produce client-ready drafts of deliverables with minimal rework, adhering to professional quality standards.

• Leverage QA checklists and processes to identify issues early and ensure consistency across deliverables.

• Analyze tradeoffs, present options, and provide well-reasoned recommendations, escalating challenges along with proposed solutions when necessary.

• Independently sustain progress on client engagements during critical periods, maintaining momentum for up to 5–10 business days if required.

• Contribute to client knowledge transfer and training efforts, ensuring operational teams are equipped to maintain compliance post-engagement.

Qualifications:
• Undergraduate technical degree in Engineering, Computer Science, IT Management, Cybersecurity, or related field preferred, but not required.

• Minimum of 4-6 years’ professional, relevant experience, with at least 2 years in a client facing role.

• 1–2 professional and/or technical certifications in IT security, cloud security, or application security (e.g., CompTIA Security+, ISC^2 CC, etc.)

• Solid understanding of common compliance frameworks (e.g., NIST, ISO, CMMC, etc.) and their application in enterprise environments.

• Strong technical knowledge of what good evidence looks like for assessments beyond policy and procedure language. A technical assessment will be performed during the interview process to confirm this critical skill.

• Knowledge of cybersecurity technologies (e.g., SIEM, vulnerability management, endpoint security) and their integration with compliance mandates.

• Hands-on experience with tools and platforms supporting GRC workflows (e.g., Archer, ServiceNow GRC, or similar).

• Excellent verbal and written communication skills (high proficiency in Microsoft Office Suite required).

• Comfortable addressing and presenting to groups in virtual or in-person settings.

• Strong problem-solving abilities, capable of addressing complex and abstract challenges.

• Exceptional interpersonal skills, with the ability to connect and collaborate with diverse personalities and stakeholders.

The compensation range indicated in this posting reflects the On-Target Earnings (“OTE”) for this role, which includes a base salary and any applicable target bonus amount. This OTE range may vary based on the candidate’s relevant experience, qualifications, and geographic location.

Why AHEAD:

Through our daily work and internal groups like Moving Women AHEAD and RISE AHEAD, we value and benefit from diversity of people, ideas, experience, and everything in between.

We fuel growth by stacking our office with top-notch technologies in a multi-million-dollar lab, by encouraging cross department training and development, sponsoring certifications and credentials for continued learning.

USA Employment Benefits include:

- Medical, Dental, and Vision Insurance

- 401(k)

- Paid company holidays

- Paid time off

- Paid parental and caregiver leave

- Plus more! See benefits https://www.aheadbenefits.com/ for additional details.

Use of AI:

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, assessing responses, or to capture recordings and create transcriptions or summaries during interviews. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans.

If you would like more information about how your data is processed, please refer to the Candidate Privacy Notice or contact us at [email protected].

You may opt-out of the review or analysis of your application and resume by AI tools by using the General Application. Please include the role you wish to apply for in the Additional Information field. You may also choose to opt-out of recording and transcription at any time, including after joining an interview. Candidates will not be penalized for choosing to opt-out.