About Us:
Thrive is a rapidly growing technology solutions provider focusing upon Cloud, Cyber Security, Networking, Disaster Recovery and Managed Services, including Managed GRC Services. Our corporate culture, engineering talent, customer-centric approach, and focus upon “next generation” services help us stand out amongst our peers. Thrive is on the look-out for individuals who don’t view their weekdays spent at “a job” but rather look to develop valuable skills that ignite their passion and lead to a CAREER. If you’re attracted to a “work hard, play hard” environment, seeking the guidance, training and experience necessary to build a lucrative career, then welcome to THRIVE!!
Position Overview:
The Governance, Risk, and Compliance (GRC) Consultant is a client-facing role that helps build, manage, and maintain cybersecurity compliance programs for clients across various industries, primarily within the government sector where most clients will be government contractors or sub-contractor providers that need to comply with government regulations.
The GRC Consultant supports the Assessment, Program Establishment, and Support work required for Abacode’s clients to become and remain compliant with their respective cybersecurity and privacy frameworks. The GRC Consultant develops client reporting and metrics, updates dashboards, and collects and validates evidence/artifacts.
Responsibilities:
· Participates in day-to-day operations and client engagement activities across various client projects involving compliance readiness and security assessments.
· Supports the Abacode GRC Service Delivery team with conducting on-going and new assessments of controls, processes, and procedures across multiple clients and compliance standards: NIST 800-171 (CMMC), SOC 2, ISO 27001, HIPAA, PCI DSS, NIST CSF and CIS
· Supports clients with maintaining compliance with such frameworks by guiding them through control execution and evidence collection and review.
· Supports compliance, policy, procedural, and technical review of client information security and/or compliance program(s), providing maturity and improvement recommendations based on experience and industry best practices.
· Performs security controls gap analysis and identification based on compliance mandates, standards, and security benchmarks.
· Documents security controls inventory of client systems within the GRC portals.
· Conducts general cybersecurity Risk Assessments
· Provides tactical guidance aimed at helping clients meet compliance requirements across applicable security standards and frameworks.
· Performs audit liaison activities, guiding and assisting clients with audit preparation, evidence identification and gathering, and responding to audit questions.
· Manages compliance requirements across multiple clients in parallel. Works with clients to identify opportunities for improvement for client’s security controls.
· Builds internal company partnerships and collaborates with team leaders to determine the company's services, delivery criteria, and solutions for issues that may arise.
· Supports evidence collection for internal Abacode/Thrive audits.
· Identifies and makes suggestions for improvements when problems and/or opportunities arise.
· Keeps up to date with developments in the cybersecurity, privacy, and GRC areas of specialization.
· Performs other duties as assigned.
Qualifications:
Minimum
- Bachelor's Degree in related field or relevant work experience.
- 2-4 years of experience conducting and documenting security and compliance risk assessments
- Experience working in a client-facing consulting or service delivery capacity
- Experience managing multiple clients/projects in parallel.
- Experience with general project management and customer success/service is strongly desired.
- Demonstrated understanding of control frameworks and regulatory requirements for NIST 800-171, NIST-CSF, SOC-2, and ISO 27001.
- Preferred experience with: HIPAA, PCI-DSS.
- Good understanding of the Department of Defense CMMC ruling and implications for the Defense Industrial Base.
- Proven ability to assess risks and controls and identify opportunities for improvement.
- Excellent written and verbal communication skills along with excellent interpersonal skills. Able to communicate confidently in a clear, concise, and articulate manner - verbally and written in the documentation produced.
- Ability to work independently and with minimal supervision.
- Self-motivated, positive attitude, and a team player.
Preferred
- Broad knowledge of information technology (basic networking principles), information security (such as identity and access management), and critical data protection practices (basic principles of encryption and sensitive data protection) is highly desirable.
- Preferred prior experience working with GRC systems/tools.
- Preferred prior experience with general IT and Security auditing.
Skills Required
- Bachelor's degree in related field or relevant work experience
- 2-4 years conducting and documenting security and compliance risk assessments
- Experience working in a client-facing consulting or service delivery capacity
- Experience managing multiple clients/projects in parallel
- Experience with general project management and customer success/service
- Demonstrated understanding of control frameworks: NIST 800-171, NIST CSF, SOC 2, ISO 27001
- Preferred experience with HIPAA and PCI-DSS
- Good understanding of Department of Defense CMMC ruling and implications
- Proven ability to assess risks and controls and identify opportunities for improvement
- Excellent written and verbal communication and interpersonal skills
- Ability to work independently with minimal supervision
- Self-motivated, positive attitude, and team player
- Broad knowledge of IT (basic networking), information security (IAM), and data protection/encryption principles
- Prior experience working with GRC systems/tools
- Prior experience with general IT and security auditing
Thrive Compensation & Benefits Highlights
The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about Thrive and has not been reviewed or approved by Thrive.
-
Leave & Time Off Breadth — Paid annual leave and holidays are positioned as part of the standard offering, which can strengthen total rewards beyond base pay. Flexible schedules are also described as available, supporting work-life needs.
-
Retirement Support — A 401(k) with company match is explicitly included in the benefits package, indicating employer participation in long-term savings. This feature can meaningfully add to overall compensation value for eligible employees.
Thrive Insights
What We Do
Thrive is a leading provider of NextGen managed services designed to drive business outcomes through application enablement and optimization. The company’s Thrive5 Methodology utilizes a unique combination of its Application Performance Platform and strategic services to ensure each business application takes advantage of technology that enables peak performance, scale, and security. Hundreds of clients rely on Thrive to drive operational efficiencies, security compliance, high availability, and hardened reliability, both on-premise and in the Cloud. The company’s proven approach to managed services enables enterprises all of sizes to realize their goals, for today and tomorrow.






