Lead client-facing vCISO and GRC consulting engagements for SOC 2, ISO 27001, NIST, and CMMC compliance. Manage a team of consultants while advising executives on security program design, risk prioritization, audit readiness, and control implementation.
125k – 125k/yr
On-site6+ YOESecurity Engineering
About the role
Key Responsibilities
Client Advisory and vCISO Leadership
Serve as a trusted vCISO advisor to clients across cybersecurity, governance, risk, and compliance matters
Provide practical guidance to executive teams, founders, security leaders, IT teams, and business stakeholders
Help clients understand what they need to do to improve security, pass audits, reduce risk, and satisfy customer requirements
Advise clients on security program design, risk prioritization, compliance strategy, policy development, and control implementation
Lead client meetings, executive briefings, audit readiness sessions, and risk review discussions
Translate technical and compliance requirements into clear, business-friendly recommendations
GRC and Compliance Program Delivery
Lead client engagements related to SOC 2, ISO 27001, and other audited security frameworks
Develop and manage compliance roadmaps, audit readiness plans, and remediation timelines for clients
Guide clients through the full lifecycle of compliance readiness, including scoping, gap assessments, control implementation, evidence collection, audit support, and ongoing maintenance
Help clients determine the right level of security and compliance maturity for their size, industry, customer expectations, and business goals
Ensure compliance programs are practical, defensible, and not unnecessarily burdensome
Audit Readiness and Framework Management
Lead SOC 2 Type 1 and Type 2 readiness initiatives for clients
Support ISO 27001 implementation, certification preparation, surveillance audit readiness, and continuous improvement
Coordinate with external auditors, assessors, client stakeholders, and internal delivery teams
Review audit evidence, control documentation, risk registers, policies, and remediation plans
Help clients understand audit findings and develop clear plans to address gaps
Maintain strong working knowledge of SOC 2 Trust Services Criteria, ISO 27001 requirements, and common security control expectations
Team Management and Delivery Oversight
Manage a team of GRC consultants, analysts, and implementation resources
Assign work, oversee deliverables, manage deadlines, and ensure consistent quality across client engagements
Coach and mentor team members on GRC consulting, client communication, audit readiness, and control implementation
Review team deliverables, including gap assessments, policies, risk registers, audit evidence, project plans, and client-facing reports
Ensure the team delivers work that is accurate, practical, professional, and aligned with client expectations
Build repeatable delivery processes, templates, playbooks, and quality standards for the consulting team
Security Control and Risk Advisory
Advise clients on the design, implementation, and improvement of security and compliance controls
Help clients assess risks across cloud infrastructure, identity and access management, endpoint security, vulnerability management, vendor risk, change management, incident response, and secure development practices
Maintain and improve client risk registers and remediation plans
Work with client technical teams to prioritize security improvements based on business impact, audit requirements, and real-world risk
Provide practical recommendations that balance security, compliance, cost, and operational complexity
Policy, Governance, and Documentation
Lead the development and review of client security policies, procedures, standards, and governance documentation
Help clients implement policy review cycles, access review processes, vendor review workflows, risk acceptance procedures, and other governance activities
Ensure client documentation aligns with actual business practices and audit expectations
Help clients avoid "paper compliance" by tying policies and controls to real operational processes
Customer Trust and Security Questionnaire Support
Advise clients on customer security reviews, vendor assessments, and trust-related requests
Help clients respond to security questionnaires, customer due diligence requests, and enterprise procurement reviews
Support the development of reusable security and compliance response libraries
Help clients use compliance and security posture to support sales, customer trust, and enterprise readiness
Client Relationship Management
Own or support client relationships across multiple GRC and vCISO engagements
Set clear expectations with clients regarding scope, timelines, responsibilities, and deliverables
Identify client risks, blockers, and expansion opportunities
Communicate engagement status, risks, and next steps clearly to both internal leadership and client stakeholders
Ensure clients receive strategic advice, not just task completion
Required Qualifications
Minimum 6 years of professional experience in GRC, cybersecurity compliance, security advisory, audit readiness, IT risk, internal audit, or a related field
Minimum 4 years of management or team leadership experience
Direct experience advising organizations on audited frameworks such as SOC 2 and ISO 27001
Experience managing client-facing consulting engagements or advisory relationships
Strong understanding of security controls, risk management, compliance frameworks, and audit processes
Experience leading or supporting external audits, including evidence collection, control testing, auditor communications, and remediation
Ability to explain complex security and compliance concepts to executives, founders, technical teams, and non-technical stakeholders
Strong written and verbal communication skills
Strong project management skills with the ability to manage multiple clients, deadlines, stakeholders, and team members
Ability to work in person from Richmond, VA
Willingness to attend in-person meetings with internal teams, clients, and leadership as required
Preferred Qualifications
Prior experience in a consulting, advisory, MSSP, vCISO, CPA firm, audit firm, cybersecurity firm, or compliance services environment
Senior Security Automation Engineer building centralized security telemetry, universal identity provisioning, and agentic risk engines to enable continuous compliance, self-healing controls, and real-time risk visibility at ClickHouse. Requires strong IAM/IGA and automation experience with Python, JS/TS, or Go.
125k – 205k/yr
Remote5+ YOESecurity Engineering
Senior GRC Analyst
Radar LabsNew York, NY
Senior GRC Analyst scaling security and compliance programs with focus on third-party risk, SaaS governance, and AI tool evaluation. Requires 4+ years experience and SOC 2 audit support.
125k – 160k/yr
On-site4+ YOESecurity Engineering
Corporate Security Lead
Northwood SpaceLos Angeles, CA +1
Builds and leads corporate IT security operations including helpdesk, endpoint management, SIEM deployment, and team hiring for a space communications company. Requires 5+ years in IT/security/DevSecOps, hands-on tools like Okta and AWS, and compliance knowledge.
125k – 206k/yr
On-site5+ YOESecurity Engineering
Senior Software Engineer, Server Security
MongoDBNew York, NY
Senior Software Engineer builds and tests security features like cryptography, identity/access, and network security in MongoDB's C++ codebase. Requires 5+ years in distributed systems and proficiency in compiled languages like C++ or Rust.
Build automation, tooling, and secure software systems as part of Pinterest's Corporate Security team. Integrate security into development lifecycles, improve threat detection/remediation, and leverage AI while maintaining critical verification and ownership.