
Part-Time GRC Consultant

A3INFOSEC
Part-time · Remote · San Francisco Bay Area, US · Posted: 2026-05-11 · Until: 2026-07-10
Job Description
A3INFOSEC LLC
Remote / Part-Time / Contract

About A3INFOSEC

A3INFOSEC is a GRC advisory and fractional leadership firm helping organizations strengthen governance, reduce compliance friction, and scale with confidence. GRC Advisory for Confident, Scalable Growth.

We partner with security, compliance, technology, and business leaders to build practical GRC programs that improve accountability, streamline audit readiness, strengthen third-party risk oversight, and align compliance with business operations.

We are looking for a part-time GRC Consultant who can support client engagements across GRC program design, audit readiness, control documentation, evidence management, third-party risk, and compliance operationalization.

Role Overview

The Part-Time GRC Consultant will support A3INFOSEC client projects by helping assess current-state GRC practices, document controls, organize compliance evidence, support audit readiness activities, improve governance workflows, and contribute to practical recommendations that help clients mature their security and compliance programs.

This role is ideal for a hands-on GRC professional who understands how compliance works in real business environments, not just on paper. The right candidate should be comfortable working independently, translating requirements into practical action, and supporting client-facing deliverables with professionalism and accuracy.

Key Responsibilities

- Support GRC advisory engagements across areas such as SOC 2, ISO 27001, NIST, third-party risk management, and internal control programs.
- Assist with current-state assessments of client GRC programs, including control ownership, evidence readiness, policy alignment, risk processes, and audit preparation.
- Help document, map, and organize security controls, policies, procedures, risks, evidence, and remediation activities.
- Support SOC 2 and ISO 27001 readiness activities, including control gap analysis, evidence collection, audit preparation, and process documentation.
- Assist with third-party risk management activities, including vendor assessment support, questionnaire review, risk tracking, remediation follow-up, and vendor governance documentation.
- Help clients improve GRC workflows across spreadsheets, shared drives, ticketing systems, and GRC platforms.
- Contribute to client deliverables such as maturity assessments, control matrices, remediation trackers, policy documentation, audit readiness summaries, and executive-facing reports.
- Support GRC platform-related work where needed, including workflow review, data cleanup, control library organization, and evidence process improvement.
- Work with A3INFOSEC leadership to deliver practical, business-aligned recommendations that help clients reduce compliance burden and improve operational accountability.

Ideal Candidate

The ideal candidate has practical experience supporting GRC, compliance, audit readiness, risk management, or security governance work in a corporate, consulting, SaaS, technology, financial services, healthcare, or regulated environment. You should be organized, detail-oriented, client-service minded, and able to turn messy information into clear, usable GRC outputs.

Required Qualifications

- 2–5+ years of experience in GRC, information security compliance, IT audit, risk management, third-party risk, or security governance.
- Working knowledge of one or more frameworks such as SOC 2, ISO 27001, NIST CSF, NIST 800-53, CIS Controls, HIPAA, PCI DSS, or similar standards.
- Experience supporting control documentation, evidence collection, audit readiness, risk assessments, or compliance testing.
- Strong writing and documentation skills, including the ability to create clear policies, procedures, control descriptions, assessment summaries, and remediation plans.
- Ability to work independently in a part-time consulting environment with minimal supervision.
- Strong attention to detail, professional judgment, and ability to handle client information responsibly.
- Comfort working with tools such as Microsoft Office, Google Workspace, spreadsheets, ticketing systems, shared drives, and common GRC platforms.

Preferred Qualifications

- Experience with GRC platforms such as Drata, Vanta, AuditBoard, ServiceNow GRC/IRM, OneTrust, Archer, Hyperproof, or similar tools.
- Experience supporting SOC 2 Type I/II, ISO 27001 readiness, internal audits, or external audit preparation.
- Experience with third-party risk management, vendor assessments, security questionnaires, or supplier risk workflows.
- Understanding of control automation, continuous monitoring, evidence management, and compliance workflow improvement.
- Relevant certifications such as Security+, CISA, CRISC, CISM, CI