Risk Senior Manager
About the role
SC&H's Risk Practice is seeking a Senior Manager to lead and grow our service line with a strong focus on security-related consulting, including SOC (SSAE 18), ISO/IEC 27001, and ISO/IEC 42001 engagements.
Responsibilities
Business Development & Growth (40%): Own a personal book-of-business growth target; lead opportunity pursuit from prospecting through close (RFPs, proposals, orals, scoping, pricing).
Build and manage an opportunity pipeline across SOC (1/2/3), readiness, ISO 27001 ISMS implementation/assessments, ISO 42001 (AI Management System) readiness/certification guidance, and security program advisory.
Develop go-to-market (GTM) offerings, thought leadership, and partner/alliances; collaborate with Marketing on campaigns and events.
Expand client relationships at the CISO, CIO, CTO, CAE, CFO levels; lead cross-sell with Assurance, Tax, and other Cyber/Technology teams.
Engagement Leadership & Delivery (40%): Lead SOC (SSAE 18) readiness and examination projects (SOC 1 Type 1/2, SOC 2 Type 1/2, SOC 3), including scoping, testing strategy, and report quality.
Lead ISO/IEC 27001 implementations (ISMS design, risk assessment, controls, internal audits, certification readiness) and ISO/IEC 42001 readiness/implementation for AI governance.
Oversee delivery quality, risk, and timelines across multiple concurrent engagements; ensure methodology compliance and audit defensibility.
People Leadership & Practice Management (20%): Manage, coach, and develop a team of managers/seniors/associates; lead staffing, utilization, and performance.
Champion a collaborative, inclusive, and learning-oriented culture; provide timely feedback and career guidance.
Strengthen delivery playbooks, templates, and accelerators; contribute to practice P&L hygiene (pricing discipline, margin, WIP/AR, scope management).
Qualifications
8–12+ years of progressively responsible experience in public accounting, consulting, or a comparable risk/security practice.
Proven track record in SOC (SSAE 18) readiness and examinations (SOC 1/SOC 2), including planning, testing, supervision, and reporting.
Hands-on experience with ISO/IEC 27001 (ISMS design/implementation, internal audit, certification readiness) and familiarity with ISO/IEC 42001 (AI Management System) frameworks and AI governance concepts.
Demonstrated sales/business development success (pipeline creation, proposals/orals, solutioning, closing) and account growth.
People leadership experience: managing teams, setting priorities, and developing talent across multiple engagements.
Strong understanding of security and IT risk domains (identity and access, change/configuration, secure engineering, vendor risk, cloud controls, incident response, logging/monitoring, data governance, AI governance).
Excellent client communication, executive presence, and stakeholder management skills.
Prior practice-building responsibilities (offerings, pricing models, partner alliances).
Preferred
Experience coordinating with external auditors and working in regulated industries (SaaS, fintech, healthcare, critical infrastructure).
Working knowledge of cloud security (Azure, AWS, GCP) and enabling platforms (e.g., M365/Entra ID, ServiceNow GRC, Archer, OneTrust).
Education & Certifications
Bachelor’s degree in Accounting, Information Systems, Computer Science, Cybersecurity, or related field; Master’s degree a plus.
One or more of the following required:
- CISA (Certified Information Systems Auditor)
- ISO/IEC 27001 Lead Implementer or Lead Auditor (or equivalent ISO credential)
- CPA (active)
Preferred additional relevant certifications: CISSP, CCSP, CRISC, CISM, ISO/IEC 42001-related training/credentials.