Hey! We’re Scale Up, and our client is looking to hire a Senior GRC Consultant .
Type of Employment: Contractor (Long-term)
Work Modality: 100% Remote
Work Schedule: Full-time
Time Zone: U.S. business hours (with flexibility as needed)
Location: LATAM
Our client is a fast-growing U.S.-based cybersecurity and compliance consulting startup that partners with technology companies to build, strengthen, and scale their security and compliance programs. Rather than acting as an external vendor, they work as an extension of their clients' teams, providing embedded security leadership, compliance expertise, and operational support across frameworks such as SOC 2, ISO 27001, HIPAA, GDPR, and more.
This is an opportunity to join a small, highly technical team where you'll have significant ownership, direct client exposure, and the chance to shape security programs for innovative startups.
As a Senior GRC Consultant , you will lead audit readiness, compliance program development, and risk management across multiple client engagements. You'll own compliance frameworks end-to-end—from scoping and evidence collection to gap analysis, remediation guidance, and audit support.
This is a senior, client-facing position where you'll independently manage your own engagements while working directly with executive stakeholders and external auditors.
- Lead compliance readiness engagements including SOC 2 Type I/II, ISO 27001, HIPAA, U.S. state privacy regulations, and UK/EU GDPR.
- Own GRC platforms such as Vanta, Drata, or similar tools, ensuring compliance monitoring remains fully operational and evidence is continuously maintained.
- Conduct formal risk assessments using frameworks such as NIST 800-30, translating technical findings into business and compliance risks.
- Design and implement complete GRC programs, including policies, control frameworks, risk management processes, and evidence collection.
- Perform internal audits, evaluating both control design and operational effectiveness while preparing audit-ready findings.
- Manage vendor security questionnaires, coordinating with internal subject matter experts and maintaining reusable knowledge bases.
- Build strong relationships with client leadership, lead recurring meetings, provide status updates, and manage expectations throughout each engagement.
- Produce high-quality client deliverables including policies, procedures, risk registers, control matrices, evidence packages, and assessment reports.
- 5–7+ years of hands-on experience in GRC, compliance, or information security audits.
- Previous consulting or professional services experience managing multiple client engagements.
- Strong expertise with both:
- SOC 2 Type I & II
- ISO 27001 / ISO 27002
- Experience with one or more additional frameworks such as GDPR, CCPA/CPRA, or HIPAA.
- Experience building compliance programs from the ground up.
- Ability to map controls across multiple compliance frameworks.
- Solid technical understanding of cloud security, IAM, CI/CD pipelines, and security controls.
- Excellent documentation and technical writing skills.
- Professional-level English with confidence leading meetings with U.S.-based clients.
- Experience working directly with external auditors.
- Hands-on experience implementing GDPR or U.S. privacy compliance programs.
- Knowledge of ISO 42001 (AI Management Systems).
- Certifications such as:
- CISA
- CISM
- CRISC
- ISO 27001 Lead Auditor
- ISO 27001 Lead Implementer
- or equivalent.
- Join an early-stage, fast-growing cybersecurity startup.
- Work directly with founders and client leadership.
- Own high-impact client engagements from start to finish.
- Help innovative technology companies mature their security and compliance programs.
- Enjoy long-term remote work with significant autonomy, ownership, and career growth.