Job Description
Company: ConsultNet Technology Services and Solutions
Location: Rockville, US
Title: IT GRC Program Manager
Location: Greater DC Area
Target Start Date: ASAP
Type: Direct Hire
Salary / Pay Rate: DOE
Why Work Here
This organization operates at the intersection of technology and life sciences, giving IT professionals the opportunity to contribute to work that genuinely matters. The culture values collaboration and continuous learning, with teams that are deeply committed to both innovation and accountability. Leadership is accessible and invests in the growth of its people, creating a stable and supportive environment where long-tenured employees are common. The IT security function is well-resourced and treated as a strategic priority, meaning your work will have real visibility and impact. For a compliance-minded professional looking to make a difference within a mission-driven company, this is a compelling place to build a career.
About the Role
This is a senior-level program management role within the Information Technology department, reporting to a Principal Cyber Security Architect. The person in this position will own the design and ongoing operation of the organization’s Governance, Risk, and Compliance program, ensuring that controls, policies, and assessments meet both internal standards and external regulatory requirements. A major component of the role involves leading Third Party Risk Management activities, managing vendor assessments, and working cross-functionally with technical and non-technical teams alike. The position also requires a strong command of internationally recognized compliance frameworks and the ability to translate complex security concepts for a broad range of stakeholders. This role is well suited for a self-directed professional who thrives in an environment that demands both strategic thinking and hands-on execution.
Responsibilities
• Lead the development and ongoing evaluation of IT controls using established best practice frameworks, ensuring adherence across technical teams
• Stay current on cybersecurity trends, strategies, and concepts, and hold teams accountable for meeting security and compliance deliverables
• Participate in enterprise risk management activities, partnering with business units to identify, assess, and communicate risks with recommended mitigation strategies
• Maintain the risk register and track remediation progress across departments
• Support business continuity and disaster recovery planning and testing activities
• Lead the Third Party Risk Management program, including vendor assessments and ongoing monitoring
• Conduct compliance reviews, gap analyses, and assessments, and produce dashboards and reports that reflect current compliance status
• Evaluate and benchmark internal information security practices against national and international frameworks on a continual basis
• Support the cybersecurity maturity program by tracking milestones, programs, and key initiatives
• Coordinate with Quality, Regulatory Affairs, and audit teams to provide evidence and materials in support of audits
• Author and update security policies, standards, and procedures to ensure controls are well-documented and accessible
• Collaborate with cross-functional teams to embed security controls into business processes and confirm that IT systems align with corporate standards
• Manage evidence collection and artifact preparation for audits and assessments
• Assist in the execution of the Vulnerability Management Program and support IT Risk, Security, and Compliance certifications
• Facilitate cross-functional compliance working groups to promote continuous improvement
Required Skills
• Bachelor’s degree in a related field
• Minimum of five years of experience managing complex IT compliance requirements
• Solid background in Information Technology and Information Security concepts
• Experience working with US and international data protection and privacy regulations, including GDPR and CCPA
• Prior experience as an auditor within a complex compliance environment, with familiarity with frameworks such as ISO 27000, NIST 800-53, and NIST 800-171
• Demonstrated experience authoring and maintaining security policies, procedures, and control documentation
• Experience leading, managing, or mentoring staff including direct reports, matrixed reports, and project-assigned personnel
• Proven ability to work cross-functionally with both technical and non-technical stakeholders
• Expert-level knowledge of IT compliance frameworks including ISO 27001, ISO 27017, NIST 800-171, and CMMC
• Strong ability to evaluate regulatory documents and determine the appropriate course of action
• Proficiency with GRC tools, compliance management platforms, and Microsoft Office applications
• Excellent written and verbal communication skills, including the ability to translate technical security concepts for non-technical audiences
Bonus / Soft Skills
• Familiarity with SOC 2, GDPR, CCPA, HIPAA, HITRUST, and 21 CFR Part 11 frameworks and regulations
• Understanding of AWS compliance considerations and cloud security concepts
• One or more of the following certifications: CISA, CRISC, SSCP, CSA CCSK, or CSA CCAK
• Strong analytical and problem-solving abilities with a structured approach to decision-making
• Highly organized with the capacity to manage and track multiple simultaneous initiatives
• Strong interpersonal and negotiation skills with the ability to influence without authority
• Collaborative team mindset balanced with the ability to work independently when needed
• Risk management acumen with the ability to apply concepts practically within a business environment
Welcome to ConsultNet, a premier national provider of technology talent and solutions. Our expertise spans project services, contract-to-hire, direct search, and managed services onshore, nearshore, and hybrid. For over 25 years, we have connected thousands of consultants with meaningful roles through a personal, communication-driven approach, partnering with a diverse client base to build high-performing teams and create lasting impact. Our comprehensive service offerings cover a wide range of technology and engineering positions across key markets nationwide. Learn more at www.consultnet.com.
We champion equality and inclusivity, proudly supporting an Equal Opportunity Employer policy. We welcome applicants regardless of Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other status protected by law.
Source: LinkedIn