Senior GRC Consultant (USA - Remote) Governance, Risk and Compliance (GRC) · Leeds HQ ·

Location: USA (Remote)

Salary: $90,000 - $110,000 (Dependent on experience)

We are seeking a Senior GRC Consultant to join our GRC Consulting team. This is a client-facing, delivery-led role for an experienced security and compliance professional who can lead engagements, own client relationships, and provide high-quality advisory services. You will play a key role in shaping client outcomes, mentoring junior team members, and helping evolve our GRC delivery capability.

Cognisys is a leading Cyber Security company specialising in Penetration Testing, GRC Consulting, and Managed Security services. We pride ourselves on our customer service, forward-thinking approach and commitment to excellence. Our small but mighty team works with some of the best-known companies in the world, covering over 30 different countries across the globe!

About the Role

Our GRC Consulting practice helps organisations strengthen their security posture and achieve compliance through clear, structured, and practical guidance. We work with clients at different stages of maturity, from building foundational security programmes to operating mature, scalable compliance functions. As a Senior GRC Consultant, you will take responsibility for designing and delivering GRC engagements end-to-end. You will translate regulatory and framework requirements into practical, business-aligned solutions, guide clients through complex compliance challenges, and act as a trusted advisor to technical and non-technical stakeholders alike. This role suits someone who combines strong technical GRC knowledge with consulting experience, confidence in client delivery, and a desire to raise the standard of security governance across organisations.

Key Responsibilities

• Client Leadership & Delivery: Lead and deliver GRC consulting engagements across a range of clients and industries. Act as the primary point of contact for assigned clients, owning delivery quality and client satisfaction. Design and implement GRC programmes aligned to frameworks such as ISO 27001, SOC 2, NIST, and related standards. Lead security posture assessments, gap analyses, and maturity reviews. Develop practical remediation roadmaps and guide clients through implementation. Support clients through audit preparation, certification, and external assessments. Facilitate client workshops, risk assessments, and stakeholder sessions with confidence and authority.
• Advisory & Technical Expertise: Provide expert guidance on security governance, risk management, and compliance strategy. Interpret standards and regulations and translate them into pragmatic, business-focused solutions. Advise clients on control design, operating models, and sustainable compliance practices. Support the development of client security documentation including policies, procedures, risk registers, control frameworks, and governance models. Help clients embed compliance into operational and technical processes rather than treating it as a one-off activity.
• Quality & Delivery Excellence: Own the quality of client deliverables, ensuring accuracy, clarity, and consistency with internal standards. Review and provide constructive feedback on work produced by junior consultants and analysts. Continuously improve delivery playbooks, templates, and methodologies. Ensure engagements are delivered on time, within scope, and to a high professional standard.
• Team Leadership & Mentorship: Mentor and support junior team members, accelerating their technical and consulting development. Provide guidance, coaching, and informal line management support where required. Act as a role model for consulting best practice and professional conduct. Contribute to building a collaborative, high-performing team culture.
• Operational Improvement & Practice Growth: Identify opportunities to improve delivery efficiency, tooling, and ways of working. Contribute to the development of a scalable and repeatable GRC consulting model. Support pre-sales activity where required, including scoping, proposal input, and client discovery sessions. Help shape the strategic direction of the GRC practice through feedback and innovation.

Requirements

• 5+ years’ experience in security, risk, compliance, or GRC-focused roles.
• Strong practical experience with one or more frameworks such as ISO 27001, SOC 2, NIST, or similar.
• Proven experience delivering client-facing GRC or compliance engagements.
• Confidence leading client meetings, workshops, and complex discussions.
• Ability to design security governance and compliance programmes, not just implement them.
• Strong written communication skills, with experience producing high-quality client documentation.
• Experience mentoring or supporting the development of junior team members.
• Strong organisational skills and ability to manage multiple engagements and priorities.
• A pragmatic, solutions-focused mindset with an understanding of business realities.
• Consulting experience is highly desirable.

What We Offer

• Annual Leave: 25 days per year, plus UK bank holidays.
• Additional Leave: 1 day of paid leave on your Birthday!
• Health & Wellbeing: Access to our Employee Mental Health and Wellbeing platform.
• Professional Development: £2,000 annual training budget to support your continued learning and career growth.
• A dynamic and supportive work environment where customer care and innovation drive everything we do.
• Refer a friend bonus scheme, up to £2,000!

EEO Statement

We welcome applications from candidates from a range of diverse backgrounds and can make various reasonable adjustments to consider individual needs.