PFH are seeking a seasoned GRC Senior Consultant to lead engagements that help clients design, implement, and mature integrated governance, risk, and compliance programs. You'll act as a trusted advisor—assessing risk posture, optimizing control environments, enabling regulatory compliance, and building pragmatic, business-aligned GRC capabilities across people, process, and technology.
You combine deep regulatory understanding with a practical approach to risk management and control design, and you're comfortable translating complex requirements into actionable roadmaps that deliver measurable outcomes.
Key Responsibilities
* Program Design & Maturity
  * Lead the development and implementation of enterprise GRC frameworks (policies, standards, procedures, KRIs/KPIs).
  * Conduct GRC maturity assessments and build prioritized remediation roadmaps aligned to business strategy.
* Risk Management
  * Facilitate risk identification, assessment, and treatment across operational, IT, cybersecurity, third-party, and ESG domains.
  * Define risk taxonomies, appetite statements, and reporting mechanisms; integrate RCSA and control testing cycles.
* Compliance & Regulatory Advisory
  * Interpret and operationalize regulatory obligations (e.g., ISO 27001/2, SOC 2, NIST CSF, COBIT, GDPR, HIPAA, PCI DSS, SOX, DORA, CSRD—tailor to your region/industry).
  * Map regulatory requirements to controls, evidence, and audit-ready artifacts; oversee gap analysis and remediation.
* Controls & Assurance
  * Design, rationalize, and optimize control sets; lead control testing, walkthroughs, and continuous monitoring initiatives.
  * Coordinate internal/external audit readiness, findings remediation, and issue management.
* Third-Party Risk Management
  * Build or enhance TPRM frameworks: onboarding, due diligence, inherent/residual risk scoring, contractual controls, continuous monitoring.
* GRC Technology Enablement
  * Evaluate, implement, or optimize GRC platforms (e.g., ServiceNow, Archer, OneTrust, MetricStream, LogicGate).
  * Define use cases, data models, workflows, and reporting dashboards; drive user adoption and governance.
* Stakeholder Engagement
  * Present complex concepts to executive and technical audiences; lead workshops, training, and change management.
  * Produce high-quality deliverables (charters, policies, control matrices, risk registers, operating models, dashboards).
Required Qualifications
* Experience: 5–8+ years in GRC, risk management, compliance, audit, or cybersecurity consulting; proven client-facing leadership.
* Methodologies & Frameworks: Strong working knowledge of risk frameworks and compliance standards (e.g., ISO 27001/2, NIST CSF/800-53, SOC 2 Trust Service Criteria, COBIT, COSO, PCI DSS, GDPR/CCPA, SOX ITGC, DORA).
* Technical & Analytical Skills:
  * Proficiency in control design/testing, risk assessments, and process optimization.
  * Experience with GRC tooling and data/reporting (dashboards, KRIs, metrics).
* Communication: Excellent written and verbal communication; ability to influence cross-functional stakeholders.
* Education: Bachelor's degree in Information Systems, Risk Management, Cybersecurity, Business, Accounting, or related field (Master's a plus).
PFH Technology, owned by Ricoh, a Japanese-based global ICT company, is a premier provider of end-to-end ICT solutions and a managed services portfolio scaling from SMEs to large enterprise organisations. We have unrivalled vendor relationships. We can procure, design, deploy and support all your ICT needs. Our ISO certified Custodian Cloud Services and Custodian Managed Services provide the technology and expertise to mitigate risk and reduce your costs immediately. We have a nationwide network of over 750 dedicated professionals, ready to meet your ICT needs, with offices in Dublin, Cork and Galway.
We are an equal opportunity employer and value diversity at PFH. We do not discriminate on the basis of age, disability, civil or family status, gender, gender identity or expression, sexual orientation, race, religion, or any other legally protected status.
We are committed to ensuring that individuals with disabilities or access needs are provided with reasonable accommodation during the recruitment process, to perform essential job functions, and to access the full benefits of employment. Please contact us if you require accommodation at any stage.