Security Consultant (GRC and Security Controls Focus)

Job Title: Security Consultant ( GRC and Security Controls Focus ) Job Type: Full-Time Remote About Us: Blue INK Security is a leading cybersecurity firm dedicated to protecting organizations from evolving cyber threats. We specialize in designing, implementing, and managing robust security solutions tailored to our clients' needs. Our team of cybersecurity professionals helps clients build resilient security programs that align with industry best practices, regulatory requirements, and business objectives. Job Description: We are seeking a proactive and enthusiastic Security Consultant to join our team. This role requires experience supporting cybersecurity programs, participating in risk assessments, and understanding technical security controls. Directly supporting our client-facing CISOs, the Security Consultant will support strategic and tactical security initiatives for our clients, ensuring that their security posture is both compliant and operationally sound. This position is ideal for a hands-on security practitioner who is comfortable working with mid-size organizations, supporting security initiatives, and following best practices in technically diverse environments. As a Security Consultant, you will primarily support our client-facing CISOs, on cybersecurity risk management, compliance, and security architecture, helping them align their security programs with industry standards such as ISO 27001, CIS Controls, NIST frameworks, SOC 2, and HIPAA. Experience supporting data privacy programs or AI governance initiatives is considered a strong plus but is not required. Key Responsibilities: Compliance & Governance

• Support CISO with cybersecurity compliance initiatives such as ISO 27001, CIS Critical Security Controls, NIST 800-171, SOC 2, and HIPAA.
• Research and develop sound information security policies, standards, and governance frameworks aligned with regulatory requirements and industry best practices.
• Support compliance gap assessments and develop roadmaps to help organizations achieve and maintain certifications.
• Support audit preparation, evidence collection, and ongoing compliance monitoring.

Nice to Have

• Assist clients in developing or improving data privacy programs aligned with regulations such as GDPR, CCPA, or other global privacy standards.
• Support governance initiatives related to emerging technologies such as AI risk management and responsible AI usage

Security Controls & Implementation

• Support the implementation of practical security controls for networks, cloud environments, SaaS platforms, and enterprise applications.
• Experienced with security technologies including SIEM, endpoint protection, IAM, vulnerability management, and incident response tools.
• Experienced with

identity and access management (IAM), endpoint security, logging and monitoring, and data protection practices.

• Experienced with

security architecture and secure configuration of IT and cloud environments.

• Assist CISO in developing and maintaining secure operational processes such as patch management, backup strategies, and incident response procedures.

Nice to Have

• Support the implementation of privacy-by-design practices within security architecture and data management processes.
• Evaluate AI tools, automation platforms, and third-party technologies for security and data protection risks.

Leadership

• Experienced with supporting

executive cybersecurity leadership, IT teams, and business stakeholders.

• Understand strategic guidance on security investments, technology adoption, and security team development.
• Experienced with

incident response plans, security awareness programs, and tabletop exercises.

• Support CISO in building long-term cybersecurity strategies and governance programs.
• Work cross-functionally with legal, IT, and compliance teams to align security initiatives with business objectives.

Nice to Have

• Support clients requiring fractional leadership roles, such as CISO, DPO, or governance advisor.
• Provide guidance on responsible AI use, risk management, and regulatory developments affecting AI technologies.

Project Management

• Manage security and compliance initiatives during planning or execution.
• Experience with cybersecurity roadmaps and maturity improvement plans for clients.
• Experience with

security metrics, KPIs, and risk indicators to support executive reporting.

• Coordinate across internal teams, vendors, auditors, and cli