GRC & Data Security Governance Consultant

Role: GRC & Data Security Governance Consultant

Location: Oakland, CA (Remote/Hybrid)

Overview

The Client is seeking a hands-on Technical GRC & Data Security Consultant to lead a foundational "cleanup and build" initiative. This is not an advisory or management role; we require a "doer" who can independently assess technical security controls, map them to the NIST Cybersecurity Framework (CSF), and centralize the District's policy ecosystem within a GRC platform.

- NIST CSF Validation: Conduct a deep-dive review of current security controls (Identity, Network, Cloud) to assess alignment, effectiveness, and documentation gaps against NIST CSF.
- Data Security Governance (DSG): Assess current maturity and implement a practical roadmap for data ownership, classification standards, and oversight processes.
- Policy Centralization: Review, clean up, and migrate all existing security policies and SOPs into the GRC Policy Module (ServiceNow/OneTrust).
- Audit Readiness: Establish version control, document ownership, and review cadences to ensure long-term governance sustainability.
- Incident Response Modernization: Audit the current IR Plan and update technical protocols to ensure alignment with NIST standards.

Required Experience

- 5+ Years in Technical GRC: Direct experience implementing NIST 800-53 or CSF in a multi-site or public sector environment.
- GRC Tool Expertise: Hands-on experience configuring and managing modules within a GRC platform.
- Technical Writing: Proven ability to write "Technical SOPs"—not just high-level policies.
- Cyber Literacy: Must understand the technical side of security (MFA, EDR, SIEM, Encryption) to verify that controls actually work.