Crux Security – Senior Security Consultant - GRC (Remote · Full time)

Weak consultants need not apply. If you can’t confidently tell a CISO or CIO how to improve their security program—and back it up with proof—this isn’t the job for you.

About Crux Security

Crux Security is a comprehensive cybersecurity firm that blends GRC SaaS solutions with high-touch security services to help businesses build and manage effective security programs. Headquartered in Austin, TX, we work across industries—including finance, healthcare, defense, and technology—to provide risk advisory, application and network pen testing, security training, and fractional CISO services. Our Crux Platform simplifies security program development, offering automated tools, compliance tracking, and policy management, ensuring companies can confidently demonstrate and maintain their security posture.

Description

About the Role

We are seeking an experienced Senior Security Consultant - GRC to help organizations design, implement, and optimize security programs that align with business goals and regulatory requirements. This role requires expertise in governance, risk, and compliance (GRC), as well as the ability to translate security frameworks into technical controls. You will work closely with clients to assess security posture, develop strategic roadmaps, and ensure compliance with industry standards.


Key Responsibilities

  • Security Program Consulting: Advise clients on security strategy, risk management, and compliance initiatives.
  • Framework Implementation: Assess, implement, and align security programs with frameworks such as CMMC, NIST CSF, ISO 27001, CIS Controls, PCI DSS, SOC 2, HITRUST, and FedRAMP.
  • Technical Control Implementation: Guide clients in implementing security controls across networks, applications, cloud environments, and endpoints.
  • Risk Assessments & Gap Analysis: Conduct security risk assessments, maturity evaluations, and compliance gap analyses to provide actionable recommendations.
  • Policy & Procedure Development: Develop and refine security policies, standards, and guidelines tailored to client environments.
  • Compliance Readiness: Support clients in achieving regulatory compliance and preparing for audits and assessments.
  • Security Awareness & Training: Educate stakeholders on best practices for risk management and security program sustainability.
  • Executive-Level Advisory: Present findings and strategic recommendations to CISOs, IT leaders, and executive teams.


Required Qualifications

  • 8+ years of experience in cybersecurity consulting, GRC, or security program management.
  • Strong expertise in security frameworks (NIST, ISO 27001, SOC 2, CIS, PCI DSS, etc.).
  • Hands-on experience with technical control implementation across cloud, network, and endpoint security domains.
  • Excellent consulting and client management skills—ability to communicate complex security concepts to technical and non-technical stakeholders.
  • Experience with risk management methodologies, security assessments, and control validation.
  • Strong knowledge of identity & access management (IAM), vulnerability management, and security architecture.
  • Ability to develop roadmaps for security program maturity and track remediation efforts.
  • Skilled in policy creation and management.
  • Exceptional presentation, report writing, and executive advisory skills.


Preferred Qualifications

  • Certifications such as CISSP, CISM, CISA, CRISC, ISO 27001 Lead Implementer/Auditor.
  • Experience working in regulated industries (finance, healthcare, government, etc.).
  • Knowledge of DevSecOps, cloud security (AWS, Azure, GCP), and security automation.
  • Familiarity with GRC tools and management concepts.


Why Join Us?

  • Work remotely with a flexible schedule.
  • Engage with diverse clients and industries, tackling real-world security challenges.
  • Competitive salary, benefits, and professional development opportunities.
  • Be part of a team that values innovation, integrity, and client success.


Direct Applicants Only – No Staffing Agencies or Third-Party Recruiters


We are not accepting solicitations from staffing agencies, recruiting firms, or third-party vendors for this position. Any unsolicited resumes or candidate submissions from such entities will not be considered, and we will not be responsible for any associated fees. Thank you for respecting this policy.