Trident Consulting
Cybersecurity GRC Lead/Manager
This role is for a "Cybersecurity GRC Lead/Manager" in Aliso Viejo, CA, on a W2 contract for 6+ months, paying $80-86/hr. Requires 7+ years in cybersecurity, NIST CSF experience, strong project management skills, and relevant certifications.
🌎 - Country
United States
💱 - Currency
$ USD
-
💰 - Day rate
688
-
🗓️ - Date
July 2, 2026
🕒 - Duration
More than 6 months
-
🏝️ - Location
On-site
-
📄 - Contract
W2 Contractor
-
🔒 - Security
Unknown
-
📍 - Location detailed
Irvine, CA
-
🧠 - Skills detailed
#SharePoint #Cybersecurity #Alation #Compliance #Scala #Documentation #Project Management #Vulnerability Management #Leadership #Security #Cloud #Consulting #Monitoring
Role description
Trident Consulting is seeking a “Cybersecurity GRC Lead/Manager” for one of our clients in “Aliso Viejo, CA - Onsite” — a global leader in the medical technology and pharmaceutical industry.
Job Title: Cybersecurity GRC Lead/Manager
Location: Aliso Viejo, CA - Onsite
Type: W2 Contract
Rate: $80-86/Hr
Requirements: What You’ll Do
NIST CSF Assessment & Roadmap
• Lead a current-state assessment of cybersecurity posture against the NIST CSF (v1.1 or v2.0) across all five Functions: Identify, Protect, Detect, Respond, and Recover.
• Establish a target maturity tier and define a prioritized, time-boxed roadmap with clear milestones within the six-month engagement window.
• Map existing controls (policies, procedures, technical safeguards) to CSF Categories and Subcategories; identify gaps and document residual risk.
• Where NIST CSF does not apply directly, leverage equivalent controls from NIST 800-53, ISO 27001, SOC 2, CMMC, or other applicable frameworks to provide crosswalk evidence.
Program Governance & Project Management
• Establish and maintain a formal program charter, RACI matrix, and weekly status reporting cadence for all NIST CSF workstreams.
• Own the program plan — maintaining tasks, owners, dependencies, and milestone dates with rigorous tracking and proactive escalation of blockers.
• Manage the junior GRC contractor: assign work, review deliverables, provide structured feedback, and ensure quality and consistency across outputs.
• Run structured stakeholder meetings, produce clear meeting notes, action registers, and decision logs.
• Maintain a living program dashboard visible to the CISO and senior leadership reflecting current maturity scores, risk posture, and roadmap status.
Policy, Process & Control Development
• Draft, revise, and finalize cybersecurity policies, standards, procedures, and control narratives required to close CSF gaps.
• Design and implement repeatable processes for control execution — including access reviews, vulnerability management SLA tracking, patch governance, and control attestations.
• Develop evidence collection templates, control calendars, and checklists to support ongoing monitoring post-engagement.
• Build a governance repository (SharePoint, Confluence, or equivalent) organized for auditability and long-term operability.
Risk Management
• Maintain a cybersecurity risk register aligned to CSF subcategories, capturing likelihood, impact, ownership, and remediation status.
• Facilitate risk assessment workshops with IT, Engineering, and Quality stakeholders; document findings and drive decisions to closure.
• Identify, document, and manage exceptions; develop compensating controls where remediation timelines extend beyond engagement scope.
Stakeholder Engagement & Influence
• Operate as the primary point of accountability for all NIST CSF maturity activities, working without direct authority over functional teams.
• Build trusted relationships across IT, Engineering, Quality, Legal, and Regulatory Affairs to drive compliant outcomes.
• Communicate program status, risk posture, and decisions clearly to both technical and executive audiences.
• Deliver training or awareness content to stakeholders on relevant control expectations and their responsibilities.
Transition & Knowledge Transfer
• Design all processes with handoff in mind: document workflows, runbooks, and control calendars sufficient for an internal team member to continue operating the program independently.
• Conduct formal knowledge transfer sessions in the final 30 days of the engagement.
• Produce a final engagement report summarizing maturity progress, residual gaps, and recommended next steps.
Required Experience
• 7+ years of experience in cybersecurity, GRC, or a closely related field.
• Demonstrated hands-on experience leading a NIST CSF assessment, gap analysis, or maturity improvement program — OR equivalent depth in NIST 800-53, ISO 27001, SOC 2, or CMMC with proven ability to apply crosswalk to NIST CSF.
• Strong project management skills: the ability to build and manage a formal program plan, track milestones, escalate risks, and deliver consistently on schedule.
• Proven track record of working autonomously in contractor or consulting roles with minimal supervision.
• Experience managing or mentoring junior team members and reviewing their work for quality.
• Demonstrated ability to build processes and documentation from scratch that are designed to outlast the builder’s tenure.
• Experience producing executive-facing reporting (dashboards, risk summaries, status decks).
• Strong written communication skills — policies, procedures, and program documentation must be clear, concise, and audit-ready.
Preferred Qualifications
• Prior engagement in a regulated industry (medical device, pharma, financial services, defense) where compliance rigor and documentation standards are high.
• Familiarity with the NIST CSF v2.0 update and its new Govern function.
• Experience with GRC platforms (ServiceNow GRC, Archer, Drata, Vanta, or similar).
• Relevant certifications: CISM, CRISC, CGRC/CAP, CISSP, ISO 27001 Lead Implementer, or equivalent.
• Familiarity with FDA cybersecurity guidance in the context of medical device GRC (a plus, not a requirement).
Working Style Requirements
• Must be able to operate as a self-starter — define the work, not just execute it.
• Must demonstrate structured thinking: organized, methodical, detail-oriented with an eye for process quality.
• Must be comfortable with ambiguity and building structure in environments where it does not yet fully exist.
• Must communicate proactively — surfacing issues, seeking alignment, and keeping stakeholders informed without being prompted.
About Trident Consulting
Trident Consulting is an award-winning staffing and consulting firm headquartered in San Ramon, CA. Since 2005, we’ve partnered with Fortune 500 and high-growth companies to deliver high-quality talent across technology, engineering, business operations, and professional services.
We specialize in contract, contract-to-hire, and direct hire placements, supporting roles across IT, data & analytics, cloud, cybersecurity, finance & accounting, HR, operations, and more. With a strong focus on hard-to-fill and niche positions, our global recruiting engine enables us to deliver speed, quality, and scale.