Senior Consultant - IT Governance, Risk & Compliance (GRC)

Infinitive Inc
Ashburn, VA

ABOUT INFINITIVE

Infinitive is a data and AI consultancy that enables its clients to modernize and operationalize their data to create lasting and substantial value. We bring deep industry and technology expertise to drive and sustain adoption of new capabilities, matching our people and personalities to our clients' culture while delivering the right mix of talent and skills to enable measurable value.
Infinitive has been named one of the Best Small Firms to Work For by Consulting Magazine 8 times, most recently in 2025, and has also been recognized as a Washington Post Top Workplace, Washington Business Journal Best Places to Work, and Virginia Business Best Places to Work.


POSITION OVERVIEW

The Senior Consultant – IT GRC is a key contributing team member within Infinitive's Transformation Practice. In this role, you will apply your expertise in IT governance, risk management, and compliance to drive successful client engagements from initiation through delivery. You will serve as a primary liaison between client stakeholders and internal teams, translating complex regulatory and risk requirements into actionable frameworks and project plans while ensuring delivery quality, schedule adherence, and measurable client value.


ROLES & RESPONSIBILITIES

GRC Program Delivery
  • Lead or co-lead the design, implementation, and assessment of IT GRC programs including risk management frameworks, control libraries, and compliance roadmaps
  • Conduct risk assessments, control gap analyses, and maturity evaluations aligned to industry frameworks (NIST CSF, ISO 27001, SOC 2, COBIT, CMMC, FedRAMP)
  • Develop and maintain GRC deliverables including policies, standards, control matrices, risk registers, and audit evidence packages
  • Support clients in remediating audit findings and implementing sustainable controls to reduce residual risk
  • Track project progress against milestones, flag risks to leadership, and take ownership of assigned components with accountability for on-time, high-quality delivery
  • Maintain 90%+ billability in support of Infinitive's organizational strategy and personal bonus eligibility

Compliance & Regulatory Analysis
  • Perform regulatory and compliance gap assessments across frameworks such as HIPAA, PCI-DSS, SOX, GDPR, CCPA, FISMA, and sector-specific requirements
  • Act as primary author of—or provide substantial input to—client-facing deliverables including compliance roadmaps, risk treatment plans, audit readiness reports, and remediation trackers
  • Map overlapping control requirements across multiple frameworks to streamline compliance efforts and reduce duplication
  • Use data to understand the scope of client risk exposures, generate insights, and develop recommended solutions in collaboration with project leadership

IT Risk Management
  • Facilitate risk identification and prioritization workshops with client stakeholders across IT, security, legal, and business functions
  • Develop and maintain risk registers, risk heat maps, and third-party/vendor risk assessment programs
  • Support the integration of GRC tooling (e.g., ServiceNow GRC, Archer, OneTrust, Vanta) to automate risk and compliance workflows
  • Demonstrate a clear understanding of project goals and client ROI; proactively surface potential needs, pain points, and risk exposures to leadership

Client Relationship Management
  • Maintain professional, responsive, and constructive client relationships with the goal of becoming a trusted GRC advisor
  • Present findings and deliverables to client stakeholders including CISOs, CIOs, compliance officers, and audit committees
  • Communicate clearly and with discretion across internal and external audiences, including senior executive and regulatory stakeholders
  • Identify new opportunities through client interactions and raise them to Infinitive leadership to support sales activities

Team & Organizational Contribution
  • Collaborate cross-functionally with Infinitive and client teams including cybersecurity, data, and cloud engineering practices
  • Actively learn adjacent skill sets and engage with fellow team members to build broad consulting capabilities
  • Participate actively in Infinitive's cultural events, career development initiatives, and recruiting efforts
  • Support sales and marketing activities as schedule allows, including communicating Infinitive's GRC capabilities and differentiators
  • Maintain flexibility when navigating change; take initiative to expand your skill set while keeping leadership informed

COMPETENCIES & SKILLS

  • Knowledge of IT GRC frameworks including NIST CSF, NIST 800-53, ISO 27001/27002, SOC 2, COBIT, CMMC, and FedRAMP
  • Hands-on experience conducting control assessments, risk assessments, and audit readiness activities
  • Proficiency with GRC platforms and tooling such as ServiceNow GRC, Archer RSA, OneTrust, Vanta, or equivalent
  • Business analysis skills including requirements gathering, process mapping, gap analysis, and stakeholder facilitation — applied to GRC program design and implementation
  • Project management methodologies, with experience managing compliance and risk remediation initiatives in Agile and waterfall environments
  • Strong interpersonal and communication skills; ability to engage effectively with both technical teams and executive client leadership
  • Familiarity with cloud security and compliance postures across AWS, Microsoft Azure, and/or Google Cloud Platform (e.g., shared responsibility model, cloud-native security controls)

Posted 2026-03-12
