Skip to content
AgencyAgencyRichmond, VA

Senior vCISO / GRC Consulting Manager

Lead client-facing vCISO and GRC consulting engagements for SOC 2, ISO 27001, NIST, and CMMC compliance. Manage a team of consultants while advising executives on security program design, risk prioritization, audit readiness, and control implementation.

125k – 125k/yr
On-site6+ YOESecurity Engineering

About the role

Key Responsibilities

Client Advisory and vCISO Leadership

  • Serve as a trusted vCISO advisor to clients across cybersecurity, governance, risk, and compliance matters
  • Provide practical guidance to executive teams, founders, security leaders, IT teams, and business stakeholders
  • Help clients understand what they need to do to improve security, pass audits, reduce risk, and satisfy customer requirements
  • Advise clients on security program design, risk prioritization, compliance strategy, policy development, and control implementation
  • Lead client meetings, executive briefings, audit readiness sessions, and risk review discussions
  • Translate technical and compliance requirements into clear, business-friendly recommendations

GRC and Compliance Program Delivery

  • Lead client engagements related to SOC 2, ISO 27001, and other audited security frameworks
  • Develop and manage compliance roadmaps, audit readiness plans, and remediation timelines for clients
  • Guide clients through the full lifecycle of compliance readiness, including scoping, gap assessments, control implementation, evidence collection, audit support, and ongoing maintenance
  • Help clients determine the right level of security and compliance maturity for their size, industry, customer expectations, and business goals
  • Ensure compliance programs are practical, defensible, and not unnecessarily burdensome

Audit Readiness and Framework Management

  • Lead SOC 2 Type 1 and Type 2 readiness initiatives for clients
  • Support ISO 27001 implementation, certification preparation, surveillance audit readiness, and continuous improvement
  • Coordinate with external auditors, assessors, client stakeholders, and internal delivery teams
  • Review audit evidence, control documentation, risk registers, policies, and remediation plans
  • Help clients understand audit findings and develop clear plans to address gaps
  • Maintain strong working knowledge of SOC 2 Trust Services Criteria, ISO 27001 requirements, and common security control expectations

Team Management and Delivery Oversight

  • Manage a team of GRC consultants, analysts, and implementation resources
  • Assign work, oversee deliverables, manage deadlines, and ensure consistent quality across client engagements
  • Coach and mentor team members on GRC consulting, client communication, audit readiness, and control implementation
  • Review team deliverables, including gap assessments, policies, risk registers, audit evidence, project plans, and client-facing reports
  • Ensure the team delivers work that is accurate, practical, professional, and aligned with client expectations
  • Build repeatable delivery processes, templates, playbooks, and quality standards for the consulting team

Security Control and Risk Advisory

  • Advise clients on the design, implementation, and improvement of security and compliance controls
  • Help clients assess risks across cloud infrastructure, identity and access management, endpoint security, vulnerability management, vendor risk, change management, incident response, and secure development practices
  • Maintain and improve client risk registers and remediation plans
  • Work with client technical teams to prioritize security improvements based on business impact, audit requirements, and real-world risk
  • Provide practical recommendations that balance security, compliance, cost, and operational complexity

Policy, Governance, and Documentation

  • Lead the development and review of client security policies, procedures, standards, and governance documentation
  • Help clients implement policy review cycles, access review processes, vendor review workflows, risk acceptance procedures, and other governance activities
  • Ensure client documentation aligns with actual business practices and audit expectations
  • Help clients avoid "paper compliance" by tying policies and controls to real operational processes

Customer Trust and Security Questionnaire Support

  • Advise clients on customer security reviews, vendor assessments, and trust-related requests
  • Help clients respond to security questionnaires, customer due diligence requests, and enterprise procurement reviews
  • Support the development of reusable security and compliance response libraries
  • Help clients use compliance and security posture to support sales, customer trust, and enterprise readiness

Client Relationship Management

  • Own or support client relationships across multiple GRC and vCISO engagements
  • Set clear expectations with clients regarding scope, timelines, responsibilities, and deliverables
  • Identify client risks, blockers, and expansion opportunities
  • Communicate engagement status, risks, and next steps clearly to both internal leadership and client stakeholders
  • Ensure clients receive strategic advice, not just task completion

Required Qualifications

  • Minimum 6 years of professional experience in GRC, cybersecurity compliance, security advisory, audit readiness, IT risk, internal audit, or a related field
  • Minimum 4 years of management or team leadership experience
  • Direct experience advising organizations on audited frameworks such as SOC 2 and ISO 27001
  • Experience managing client-facing consulting engagements or advisory relationships
  • Strong understanding of security controls, risk management, compliance frameworks, and audit processes
  • Experience leading or supporting external audits, including evidence collection, control testing, auditor communications, and remediation
  • Ability to explain complex security and compliance concepts to executives, founders, technical teams, and non-technical stakeholders
  • Strong written and verbal communication skills
  • Strong project management skills with the ability to manage multiple clients, deadlines, stakeholders, and team members
  • Ability to work in person from Richmond, VA
  • Willingness to attend in-person meetings with internal teams, clients, and leadership as required

Preferred Qualifications

  • Prior experience in a consulting, advisory, MSSP, vCISO, CPA firm, audit firm, cybersecurity firm, or compliance services environment
  • Experience with GRC platforms such as Vanta

Skills

SOC 2ISO 27001Nist 800-171Nist 800-53CmmcGRCVcisoRisk ManagementAudit ReadinessCompliance FrameworksSecurity ControlsPolicy DevelopmentVendor Risk ManagementIncident Response
Clickhouse

Senior Security Automation Engineer

ClickhouseUnited States

Senior Security Automation Engineer building centralized security telemetry, universal identity provisioning, and agentic risk engines to enable continuous compliance, self-healing controls, and real-time risk visibility at ClickHouse. Requires strong IAM/IGA and automation experience with Python, JS/TS, or Go.

125k – 205k/yr
Remote5+ YOESecurity Engineering
Radar Labs

Senior GRC Analyst

Radar LabsNew York, NY

Senior GRC Analyst scaling security and compliance programs with focus on third-party risk, SaaS governance, and AI tool evaluation. Requires 4+ years experience and SOC 2 audit support.

125k – 160k/yr
On-site4+ YOESecurity Engineering
Northwood Space

Corporate Security Lead

Northwood SpaceLos Angeles, CA +1

Builds and leads corporate IT security operations including helpdesk, endpoint management, SIEM deployment, and team hiring for a space communications company. Requires 5+ years in IT/security/DevSecOps, hands-on tools like Okta and AWS, and compliance knowledge.

125k – 206k/yr
On-site5+ YOESecurity Engineering
MongoDB

Senior Software Engineer, Server Security

MongoDBNew York, NY

Senior Software Engineer builds and tests security features like cryptography, identity/access, and network security in MongoDB's C++ codebase. Requires 5+ years in distributed systems and proficiency in compiled languages like C++ or Rust.

126k – 248k/yr
Hybrid5+ YOESecurity Engineering
Pinterest

Sr. Security Software Engineer, Corporate Security

PinterestSan Francisco, CA

Build automation, tooling, and secure software systems as part of Pinterest's Corporate Security team. Integrate security into development lifecycles, improve threat detection/remediation, and leverage AI while maintaining critical verification and ownership.

124k – 255k/yr
RemoteSecurity Engineering