Elastify

Governance, Risk, Compliance (GRC) & Cybersecurity Consultant

Hybrid

Toronto, Canada

Fresher

Full Time

09-03-2026

Skills

Communication, Leadership, Risk Management, Training, Gap Analysis, Risk Reporting

Job Specifications

Overview

The GRC & Cybersecurity Consultant at Elastify plays a critical role in helping Elastify’s customers strengthen their security posture, meet regulatory obligations, and manage their cyber risk effectively. This role blends strategic advisory work with hands‑on implementation, guiding clients through the design, assessment, and enhancement of cybersecurity and compliance programs.

Key Responsibilities

Governance & Strategy

Execute tasks under the supervision of the Manager, Lead Consultant, or Senior Consultants (leadership).
Develop, refine, and assist with the implementation of cybersecurity governance frameworks aligned with industry standards (e.g., NIST CSF, CIS Controls, SOC 2, ISO 27001, etc.).
Support clients in establishing cybersecurity policies, standards, and procedures.
Facilitate cybersecurity maturity assessments and develop improvement roadmaps.
Ensure ongoing compliance operational support for assigned Compliance-as-a-Service (CaaS) customers.

Risk Management

Conduct enterprise and IT risk assessments, including, as required, threat modelling and control gap analysis.
Identify, evaluate, and prioritize cybersecurity risks across people, processes, and technology.
Recommend risk treatment strategies and support clients in implementing mitigation plans.
Assist in developing and maintaining risk registers and risk reporting dashboards.

Compliance & Audit Support

Conduct readiness assessments and internal audits to prepare clients for external certifications or regulatory reviews.
Support evidence collection, control testing, and remediation activities.
Deliver clear, concise reports, presentations, and recommendations tailored to business and technical audiences.
Facilitate workshops and client training sessions.

Qualifications

Education & Experience

Degree in cybersecurity, information systems, computer science, or a related field (or equivalent experience).
1–3+ years of experience in cybersecurity, GRC, IT audit, or risk management consulting.
Experience working with recognized frameworks such as NIST CSF, CIS Controls, ISO 27001, SOC 2, or COBIT.

Skills & Competencies

Understanding of cybersecurity principles, controls, and threat landscapes.
Excellent analytical, problem‑solving, and communication skills.
Ability to manage multiple engagements and deliver high‑quality work under deadlines.
Proactive, detail‑oriented, and highly organized.
Comfortable working independently or as part of a collaborative consulting team.
Client‑focused mindset with a commitment to delivering value.

About the Company

As your business grows, keeping up with compliance requirements and strengthening your security posture can be a real challenge. Often, the expertise you need goes beyond the capabilities and bandwidth of your in-house team. That's why we built Elastify - an IT security consulting firm that delivers the specialized skills and resources to support businesses of all sizes and industries. Whether you need to maintain security, enhance data protection, achieve compliance, or tackle something in between, we handle the heavy lifti...