The Sr GRC Consultant II will design, implement, and manage GRC frameworks, ensure compliance, conduct assessments, and support audits while collaborating with technical and business teams.
Description
At CDW, we make it happen, together. Trust, connection, and commitment are at the heart of how we work together to deliver for our customers. It's why we're coworkers, not just employees. Coworkers who genuinely believe in supporting our customers and one another. We collectively forge our path forward with a level of commitment that speaks to who we are and where we're headed. We're proud to share our story and Make Amazing Happen at CDW. Join CDW as a Security Assurance & GRC Lead, where you'll play a critical role in ensuring the effectiveness of our security and compliance programs across global operations. You will be responsible for designing, implementing, and maintaining governance, risk, and compliance (GRC) frameworks, as well as leading security assurance initiatives. Your work will help reduce risk exposure, ensure compliance with regulatory requirements, and strengthen our overall security posture. Key Responsibilities Governance & Compliance:
* Develop the business unit level procedures to align with corporate governance policies, standards, and procedures aligned with industry frameworks (e.g., NIST CSF, ISO 27001, SOC 2, PCI DSS, NIST 800-53).
* Ensure alignment of security controls with regulatory requirements, including privacy laws (GDPR, CCPA, NIST Privacy Framework) and internal compliance obligations.
* Drive compliance initiatives, including third-party security audits, certifications, and regulatory assessments Security Assurance & Risk Management:
* Conduct security control assessments, risk evaluations, and maturity assessments to ensure compliance and operational effectiveness.
* Perform control testing to assess the design and operational effectiveness of security controls, ensuring alignment with best practices.
* Monitor, evaluate, and continuously improve risk management processes, focusing on third-party risk, internal audits, and regulatory compliance.
* Work closely with control owners within the business units, and IT teams to provide guidance on security requirements, evidence collection, and control optimization. Audit & Consulting:
* Provide support for internal and external security audits, risk assessments, and regulatory reviews.
* Establish centralized evidence repositories for compliance documentation and audit readiness.
* Act as a liaison between security, IT, and business teams to ensure audit findings are addressed, risks are mitigated, and controls are optimized.
* Provide consultative support on security risks, best practices, and continuous improvement strategies. Qualifications & Experience
* 7+ years of experience in information security, risk management, or GRC roles.
* 3+ years of hands-on experience in control design, assurance, and audit functions.
* Deep knowledge of security frameworks (NIST CSF, ISO 27001, SOC 2, PCI DSS 4.0, NIST 800-53).
* Familiarity with CMMI maturity models for control evaluation and process improvement.
* Strong understanding of privacy regulations (NIST Privacy Framework, GDPR, CCPA) and data protection principles.
* Excellent analytical and problem-solving skills, with the ability to assess risks and improve control effectiveness.
* Strong communication and stakeholder management skills to work across business and technical teams.
* Preferred Certifications: CISA (Certified Information Systems Auditor), CRISC (Certified in Risk and Information Systems Control), CISSP (Certified Information Systems Security Professional). Pay range: $ 112,000- $ 154,200 depending on experience and skill set Annual bonus target of 10% subject to terms and conditions of plan Benefits overview: [https://cdw.benefit-info.com/](https://cdw.benefit-info.com/) Salary ranges may be subject to geographic differentials
* We make technology work so people can do great things.
* CDW is a leading multi-brand provider of information technology solutions to business, government, education and healthcare customers in the United States, the United Kingdom and Canada. A Fortune 500 company and member of the S&P 500 Index, CDW helps its customers to navigate an increasingly complex IT market and maximize return on their technology investments. Together, we unite. Together, we win. Together, we thrive. CDW is an equal opportunity employer. All qualified applicants will receive consideration for employment without regards to race, color, religion, sex, sexual orientation, gender identity, national origin, disability status, protected veteran status or any other basis prohibited by state and local law.
At CDW, we make it happen, together. Trust, connection, and commitment are at the heart of how we work together to deliver for our customers. It's why we're coworkers, not just employees. Coworkers who genuinely believe in supporting our customers and one another. We collectively forge our path forward with a level of commitment that speaks to who we are and where we're headed. We're proud to share our story and Make Amazing Happen at CDW. Join CDW as a Security Assurance & GRC Lead, where you'll play a critical role in ensuring the effectiveness of our security and compliance programs across global operations. You will be responsible for designing, implementing, and maintaining governance, risk, and compliance (GRC) frameworks, as well as leading security assurance initiatives. Your work will help reduce risk exposure, ensure compliance with regulatory requirements, and strengthen our overall security posture. Key Responsibilities Governance & Compliance:
* Develop the business unit level procedures to align with corporate governance policies, standards, and procedures aligned with industry frameworks (e.g., NIST CSF, ISO 27001, SOC 2, PCI DSS, NIST 800-53).
* Ensure alignment of security controls with regulatory requirements, including privacy laws (GDPR, CCPA, NIST Privacy Framework) and internal compliance obligations.
* Drive compliance initiatives, including third-party security audits, certifications, and regulatory assessments Security Assurance & Risk Management:
* Conduct security control assessments, risk evaluations, and maturity assessments to ensure compliance and operational effectiveness.
* Perform control testing to assess the design and operational effectiveness of security controls, ensuring alignment with best practices.
* Monitor, evaluate, and continuously improve risk management processes, focusing on third-party risk, internal audits, and regulatory compliance.
* Work closely with control owners within the business units, and IT teams to provide guidance on security requirements, evidence collection, and control optimization. Audit & Consulting:
* Provide support for internal and external security audits, risk assessments, and regulatory reviews.
* Establish centralized evidence repositories for compliance documentation and audit readiness.
* Act as a liaison between security, IT, and business teams to ensure audit findings are addressed, risks are mitigated, and controls are optimized.
* Provide consultative support on security risks, best practices, and continuous improvement strategies. Qualifications & Experience
* 7+ years of experience in information security, risk management, or GRC roles.
* 3+ years of hands-on experience in control design, assurance, and audit functions.
* Deep knowledge of security frameworks (NIST CSF, ISO 27001, SOC 2, PCI DSS 4.0, NIST 800-53).
* Familiarity with CMMI maturity models for control evaluation and process improvement.
* Strong understanding of privacy regulations (NIST Privacy Framework, GDPR, CCPA) and data protection principles.
* Excellent analytical and problem-solving skills, with the ability to assess risks and improve control effectiveness.
* Strong communication and stakeholder management skills to work across business and technical teams.
* Preferred Certifications: CISA (Certified Information Systems Auditor), CRISC (Certified in Risk and Information Systems Control), CISSP (Certified Information Systems Security Professional). Pay range: $ 112,000- $ 154,200 depending on experience and skill set Annual bonus target of 10% subject to terms and conditions of plan Benefits overview: [https://cdw.benefit-info.com/](https://cdw.benefit-info.com/) Salary ranges may be subject to geographic differentials
* We make technology work so people can do great things.
* CDW is a leading multi-brand provider of information technology solutions to business, government, education and healthcare customers in the United States, the United Kingdom and Canada. A Fortune 500 company and member of the S&P 500 Index, CDW helps its customers to navigate an increasingly complex IT market and maximize return on their technology investments. Together, we unite. Together, we win. Together, we thrive. CDW is an equal opportunity employer. All qualified applicants will receive consideration for employment without regards to race, color, religion, sex, sexual orientation, gender identity, national origin, disability status, protected veteran status or any other basis prohibited by state and local law.
Top Skills
Ccpa
Cmmi
Gdpr
Iso 27001
Nist 800-53
Nist Csf
Nist Privacy Framework
Pci Dss
Soc 2
Similar Jobs at CDW
Artificial Intelligence • eCommerce • Information Technology • Internet of Things • Automation
The Internal IT Audit Manager will lead IT audit projects, manage budgets, assess risks, develop audit plans, and mentor the audit team.
Top Skills:
Cis CscCisaCismCisspCobitCriscGdprHipaaNist CsfNist Sp 800-53Pci DssSdlcSox
Artificial Intelligence • eCommerce • Information Technology • Internet of Things • Automation
As a Senior Security Solutions Architect at CDW, you will drive revenue growth by managing enterprise Advisory projects, supporting business development, and advising clients on IAM strategies and security-related opportunities.
Top Skills:
Access ManagementCyber SecurityIamIdentity Governance
Artificial Intelligence • eCommerce • Information Technology • Internet of Things • Automation
As a Identity Governance and Administration Engineer, you will implement and manage IAM and IGA solutions, collaborating across teams to enhance security and compliance processes.
Top Skills:
Azure Active DirectoryEntra IdForgerockIamIgaOktaPeoplesoftSailpointWorkday
What you need to know about the Charlotte Tech Scene
Ranked among the hottest tech cities in 2024 by CompTIA, Charlotte is quickly cementing its place as a major U.S. tech hub. Home to more than 90,000 tech workers, the city’s ecosystem is primed for continued growth, fueled by billions in annual funding from heavyweights like Microsoft and RevTech Labs, which has created thousands of fintech jobs and made the city a go-to for tech pros looking for their next big opportunity.
Key Facts About Charlotte Tech
- Number of Tech Workers: 90,859; 6.5% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Lowe’s, Bank of America, TIAA, Microsoft, Honeywell
- Key Industries: Fintech, artificial intelligence, cybersecurity, cloud computing, e-commerce
- Funding Landscape: $3.1 billion in venture capital funding in 2024 (CED)
- Notable Investors: Microsoft, Google, Falfurrias Management Partners, RevTech Labs Foundation
- Research Centers and Universities: University of North Carolina at Charlotte, Northeastern University, North Carolina Research Campus
