ABOUT INFINITIVE
Infinitive has been named one of the Best Small Firms to Work For by Consulting Magazine 8 times, most recently in 2025, and has also been recognized as a Washington Post Top Workplace, Washington Business Journal Best Places to Work, and Virginia Business Best Places to Work.
POSITION OVERVIEW
ROLES & RESPONSIBILITIES
- Lead or co-lead the design, implementation, and assessment of IT GRC programs including risk management frameworks, control libraries, and compliance roadmaps
- Conduct risk assessments, control gap analyses, and maturity evaluations aligned to industry frameworks (NIST CSF, ISO 27001, SOC 2, COBIT, CMMC, FedRAMP)
- Develop and maintain GRC deliverables including policies, standards, control matrices, risk registers, and audit evidence packages
- Support clients in remediating audit findings and implementing sustainable controls to reduce residual risk
- Track project progress against milestones, flag risks to leadership, and take ownership of assigned components with accountability for on-time, high-quality delivery
- Maintain 90%+ billability in support of Infinitive's organizational strategy and personal bonus eligibility
- Perform regulatory and compliance gap assessments across frameworks such as HIPAA, PCI-DSS, SOX, GDPR, CCPA, FISMA, and sector-specific requirements
- Act as primary author of—or provide substantial input to—client-facing deliverables including compliance roadmaps, risk treatment plans, audit readiness reports, and remediation trackers
- Map overlapping control requirements across multiple frameworks to streamline compliance efforts and reduce duplication
- Use data to understand the scope of client risk exposures, generate insights, and develop recommended solutions in collaboration with project leadership
IT Risk Management
- Facilitate risk identification and prioritization workshops with client stakeholders across IT, security, legal, and business functions
- Develop and maintain risk registers, risk heat maps, and third-party/vendor risk assessment programs
- Support the integration of GRC tooling (e.g., ServiceNow GRC, Archer, OneTrust, Vanta) to automate risk and compliance workflows
- Demonstrate a clear understanding of project goals and client ROI; proactively surface potential needs, pain points, and risk exposures to leadership
- Maintain professional, responsive, and constructive client relationships with the goal of becoming a trusted GRC advisor
- Present findings and deliverables to client stakeholders including CISOs, CIOs, compliance officers, and audit committees
- Communicate clearly and with discretion across internal and external audiences, including senior executive and regulatory stakeholders
- Identify new opportunities through client interactions and raise them to Infinitive leadership to support sales activities
- Collaborate cross-functionally with Infinitive and client teams including cybersecurity, data, and cloud engineering practices
- Actively learn adjacent skill sets and engage with fellow team members to build broad consulting capabilities
- Participate actively in Infinitive's cultural events, career development initiatives, and recruiting efforts
- Support sales and marketing activities as schedule allows, including communicating Infinitive's GRC capabilities and differentiators
- Maintain flexibility when navigating change; take initiative to expand your skill set while keeping leadership informed
COMPETENCIES & SKILLS
- Knowledge of IT GRC frameworks including NIST CSF, NIST 800-53, ISO 27001/27002, SOC 2, COBIT, CMMC, and FedRAMP
- Hands-on experience conducting control assessments, risk assessments, and audit readiness activities
- Proficiency with GRC platforms and tooling such as ServiceNow GRC, Archer RSA, OneTrust, Vanta, or equivalent
- Business analysis skills including requirements gathering, process mapping, gap analysis, and stakeholder facilitation — applied to GRC program design and implementation
- Project management methodologies, with experience managing compliance and risk remediation initiatives in Agile and waterfall environments
- Strong interpersonal and communication skills; ability to engage effectively with both technical teams and executive client leadership
- Familiarity with cloud security and compliance postures across AWS, Microsoft Azure, and/or Google Cloud Platform (e.g., shared responsibility model, cloud-native security controls)