IT Risk & Compliance Consultant

As an IT Risk & Compliance Consultant at McKee-Nix you will help the company ensure that its IT systems processes and partnerships comply with industry best practices and regulatory requirements. You will assess technology risk design controls and implement governance strategies to protect business operations and data integrity. Youll partner with internal stakeholderssuch as operations sales and financeto build a risk-aware culture and strengthen control frameworks.

Key Responsibilities

Conduct risk assessments to identify and evaluate IT-related risks (e.g. operational third-party data security).

Develop and maintain an IT risk register tracking risk exposure mitigation plans and remediation status.

Design and implement IT control frameworks including IT general controls (ITGC) change management controls and access controls.

Establish and enforce information security policies standards and procedures in line with regulatory and business requirements.

Perform control testing gap analysis and audit readiness activities; support internal and external audits.

Lead or support vendor risk management efforts by assessing third-party security and compliance posture.

Provide advisory on compliance with relevant frameworks (e.g. ISO 27001 NIST COBIT) and regulations.

Monitor and report on risk and compliance metrics to leadership; prepare clear actionable reports.

Develop and deliver training and awareness programs to promote risk and compliance practices across the organization.

Work with project teams to embed risk and compliance into new initiatives ensuring that risk considerations are addressed from design through deployment.

Stay up to date on emerging risks regulatory changes and industry best practices; proactively adjust risk strategies and policies.

Requirements

Bachelors degree in Information Technology Computer Science Business or a related field (or equivalent experience).

3 years of experience in IT risk compliance audit or governance roles.

Experience working with risk frameworks and control standards (e.g. ISO 27001 COBIT NIST).

Strong understanding of IT general controls application controls and change management processes.

Familiarity with vendor risk assessments and third-party risk management.

Excellent analytical and problem-solving skills with the ability to assess complex systems and identify risk.

Strong communication skills: able to articulate risk issues and compliance gaps to both technical and non-technical stakeholders.

Experience conducting control testing gap assessment and remediation planning.

Certifications such as CISA CRISC CISSP or similar are a plus.

Benefits

Competitive base salary plus performance-based incentives

Health dental and vision insurance

401(k) retirement plan with company matching

Generous paid time off including vacation sick days and holidays

Flexible or hybrid work arrangements depending on business needs

Professional development support (training certifications conferences)

Travel reimbursement for relevant business or vendor engagements

Career growth opportunities into senior risk roles governance or compliance leadership

Wellness benefits including mental health resources and wellness stipend

Paid parental or family leave

Required Skills:

Bachelors degree in Computer Science Information Security or related field (or equivalent experience). 3 years of experience in cybersecurity consulting advisory or professional services. Hands-on experience with security assessments architecture design and risk management. Knowledge of security frameworks and standards (e.g. ISO 27001 NIST Cybersecurity Framework CIS Controls). Experience with regulatory compliance (e.g. GDPR HIPAA PCI-DSS) is preferred. Strong understanding of cloud security (AWS Azure GCP) identity management encryption and network security. Excellent communication skills both technical and non-technical with experience presenting to executives and technical teams. Consulting mindset: strong problem-solving client-facing experience and ability to lead engagements. Certifications such as CISSP CISM CRISC or equivalent are a plus.