Senior Consultant - IT Governance, Risk & Compliance (GRC)

Infinitive

Ashburn, Virginia

JOB DETAILS
SKILLS
Agile Programming Methodologies, Amazon Web Services (AWS), Analysis Skills, Artificial Intelligence (AI), Business Analysis, Business Strategy, Career Development, Cloud Computing, Communication Skills, Computer Security, Consulting, Control Objectives for Information and related Technology (COBIT), Cross-Functional, Customer Relations, Customer Relationship Management (CRM), Customer Support/Service, Establish Priorities, FISMA - Federal Information Security Management Act, Gap Analysis, HIPAA (Health Insurance Portability and Accountability Act), ISO (International Organization for Standardization), IT Governance, Information Technology Consulting, Internet Security, Interpersonal Skills, Leadership, Legal, Machine Tool, Maintain Compliance, Marketing, Microsoft Windows Azure, PCI-DSS, Problem Solving Skills, Program Evaluation, Project Planning, Project Tracking, Project/Program Management, Regulations, Regulatory Compliance, Requirements Management, Return on Investment (ROI), Risk, Risk Analysis, Risk Management, Risk Management Framework (RMF), Sales Prospecting, Sales Support, Sarbanes-Oxley Act (SOX), ServiceNow, Software Engineering, Time Management, Treatment Plan, U.S. National Institute of Standards and Technology (NIST), Waterfall Model of Software Development, Writing Skills
LOCATION
Ashburn, Virginia
POSTED
29 days ago
Senior Consultant – IT Governance, Risk & Compliance (GRC)

ABOUT INFINITIVE
Infinitive is a data and AI consultancy that enables its clients to modernize and operationalize their data to create lasting and substantial value. We bring deep industry and technology expertise to drive and sustain adoption of new capabilities, matching our people and personalities to our clients' culture while delivering the right mix of talent and skills to enable measurable value.
Infinitive has been named Best Small Firms to Work For by Consulting Magazine 8 times, most recently in 2025, and has also been recognized as a Washington Post Top Workplace, Washington Business Journal Best Places to Work, and Virginia Business Best Places to Work.

POSITION OVERVIEW
The Senior Consultant – IT GRC is a key contributing team member within Infinitive's Transformation Practice. In this role, you will apply your expertise in IT governance, risk management, and compliance to drive successful client engagements from initiation through delivery. You will serve as a primary liaison between client stakeholders and internal teams, translating complex regulatory and risk requirements into actionable frameworks and project plans while ensuring delivery quality, schedule adherence, and measurable client value.

ROLES & RESPONSIBILITIES
GRC Program Delivery
  • Lead or co-lead the design, implementation, and assessment of IT GRC programs including risk management frameworks, control libraries, and compliance roadmaps
  • Conduct risk assessments, control gap analyses, and maturity evaluations aligned to industry frameworks (NIST CSF, ISO 27001, SOC 2, COBIT, CMMC, FedRAMP)
  • Develop and maintain GRC deliverables including policies, standards, control matrices, risk registers, and audit evidence packages
  • Support clients in remediating audit findings and implementing sustainable controls to reduce residual risk
  • Track project progress against milestones, flag risks to leadership, and take ownership of assigned components with accountability for on-time, high-quality delivery
  • Maintain 90%+ billability in support of Infinitive's organizational strategy and personal bonus eligibility
Compliance & Regulatory Analysis
  • Perform regulatory and compliance gap assessments across frameworks such as HIPAA, PCI-DSS, SOX, GDPR, CCPA, FISMA, and sector-specific requirements
  • Act as primary author of—or provide substantial input to—client-facing deliverables including compliance roadmaps, risk treatment plans, audit readiness reports, and remediation trackers
  • Map overlapping control requirements across multiple frameworks to streamline compliance efforts and reduce duplication
  • Use data to understand the scope of client risk exposures, generate insights, and develop recommended solutions in collaboration with project leadership

IT Risk Management
  • Facilitate risk identification and prioritization workshops with client stakeholders across IT, security, legal, and business functions
  • Develop and maintain risk registers, risk heat maps, and third-party/vendor risk assessment programs
  • Support the integration of GRC tooling (e.g., ServiceNow GRC, Archer, OneTrust, Vanta) to automate risk and compliance workflows
  • Demonstrate a clear understanding of project goals and client ROI; proactively surface potential needs, pain points, and risk exposures to leadership
Client Relationship Management
  • Maintain professional, responsive, and constructive client relationships with the goal of becoming a trusted GRC advisor
  • Present findings and deliverables to client stakeholders including CISOs, CIOs, compliance officers, and audit committees
  • Communicate clearly and with discretion across internal and external audiences, including senior executive and regulatory stakeholders
  • Identify new opportunities through client interactions and raise them to Infinitive leadership to support sales activities
Team & Organizational Contribution
  • Collaborate cross-functionally with Infinitive and client teams including cybersecurity, data, and cloud engineering practices
  • Actively learn adjacent skill sets and engage with fellow team members to build broad consulting capabilities
  • Participate actively in Infinitive's cultural events, career development initiatives, and recruiting efforts
  • Support sales and marketing activities as schedule allows, including communicating Infinitive's GRC capabilities and differentiators
  • Maintain flexibility when navigating change; take initiative to expand your skill set while keeping leadership informed
COMPETENCIES & SKILLS
  • Knowledge of IT GRC frameworks including NIST CSF, NIST 800-53, ISO 27001/27002, SOC 2, COBIT, CMMC, and FedRAMP
  • Hands-on experience conducting control assessments, risk assessments, and audit readiness activities
  • Proficiency with GRC platforms and tooling such as ServiceNow GRC, Archer RSA, OneTrust, Vanta, or equivalent
  • Business analysis skills including requirements gathering, process mapping, gap analysis, and stakeholder facilitation — applied to GRC program design and implementation
  • Project management methodologies, with experience managing compliance and risk remediation initiatives in Agile and waterfall environments
  • Strong interpersonal and communication skills; ability to engage effectively with both technical teams and executive client leadership
  • Familiarity with cloud security and compliance postures across AWS, Microsoft Azure, and/or Google Cloud Platform (e.g., shared responsibility model, cloud-native security controls)

Infinitive is required by law in some jurisdictions to include a reasonable estimate of the compensation range for this role. The determination of this range includes various factors not limited to skill set, level, experience, relevant training, and licensure and certifications. Compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range for this role in the U.S. is $90,000.00 - $139,000.00.

Infinitive is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other characteristic protected by applicable federal, state, or local law.

About the Company

I

Infinitive