Jobs · Management · Virginia

Senior vCISO / GRC Consulting Manager

Agency Cybersecurity · Richmond, VA · 1 wk ago
On-siteManagement$125k/yrFull-time

About the role

We are seeking a Senior vCISO / GRC Consulting Manager to lead client-facing cybersecurity, governance, risk, and compliance engagements for organizations pursuing or maintaining security frameworks such as NIST 800-171, 800-53, or CMMC.

This is an in-person consulting leadership role based in Richmond, VA. The Senior vCISO will work directly with clients, internal delivery teams, and company leadership to provide hands-on advisory support, manage GRC engagements, and lead a team responsible for delivering high-quality cybersecurity and compliance services.

The Senior vCISO will serve as a strategic advisor to clients, helping them understand their security and compliance obligations, prioritize risk, prepare for audits, implement practical controls, and build scalable security programs. This person will also manage a team of GRC consultants, analysts, and implementation specialists responsible for delivering client work.

Key Responsibilities

  • Client Advisory and vCISO Leadership

  • Provide practical guidance to executive teams, founders, security leaders, IT teams, and business stakeholders.

  • Help clients understand what they need to do to improve security, pass audits, reduce risk, and satisfy customer requirements.

  • Advise clients on security program design, risk prioritization, compliance strategy, policy development, and control implementation.

  • Lead client meetings, executive briefings, audit readiness sessions, and risk review discussions.

  • Translate technical and compliance requirements into clear, business-friendly recommendations.

  • GRC and Compliance Program Delivery

  • Lead client engagements related to SOC 2, ISO 27001, and other audited security frameworks.

  • Develop and manage compliance roadmaps, audit readiness plans, and remediation timelines for clients.

  • Guide clients through the full lifecycle of compliance readiness, including scoping, gap assessments, control implementation, evidence collection, audit support, and ongoing maintenance.

  • Help clients determine the right level of security and compliance maturity for their size, industry, customer expectations, and business goals.

  • Ensure compliance programs are practical, defensible, and not unnecessarily burdensome.

  • Audit Readiness and Framework Management

  • Lead SOC 2 Type 1 and Type 2 readiness initiatives for clients.

  • Support ISO 27001 implementation, certification preparation, surveillance audit readiness, and continuous improvement.

  • Coordinate with external auditors, assessors, client stakeholders, and internal delivery teams.

  • Review audit evidence, control documentation, risk registers, policies, and remediation plans.

  • Help clients understand audit findings and develop clear plans to address gaps.

  • Maintain strong working knowledge of SOC 2 Trust Services Criteria, ISO 27001 requirements, and common security control expectations.

  • Team Management and Delivery Oversight

  • Manage a team of GRC consultants, analysts, and implementation resources.

  • Assign work, oversee deliverables, manage deadlines, and ensure consistent quality across client engagements.

  • Cookbook coaching and mentoring team members on GRC consulting, client communication, audit readiness, and control implementation.

  • Review team deliverables, including gap assessments, policies, risk registers, audit evidence, project plans, and client-facing reports.

  • Ensure the team delivers work that is accurate, practical, professional, and aligned with client expectations.

  • Build repeatable delivery processes, templates, playbooks, and quality standards for the consulting team.

  • Security Control and Risk Advisory

  • Advise clients on the design, implementation, and improvement of security and compliance controls.

  • Help clients assess risks across cloud infrastructure, identity and access management, endpoint security, vulnerability management, vendor risk, change management, incident response, and secure development practices.

  • Maintain and improve client risk registers and remediation plans.

  • Work with client technical teams to prioritize security improvements based on business impact, audit requirements, and real-world risk.

  • Provide practical recommendations that balance security, compliance, cost, and operational complexity.

  • Policy, Governance, and Documentation

  • Lead the development and review of client security policies, procedures, standards, and governance documentation.

  • Help clients implement policy review cycles, access review processes, vendor review workflows, risk acceptance procedures, and other governance activities.

  • Ensure client documentation aligns with actual business practices and audit expectations.

  • Help clients avoid “paper compliance” by tying policies and controls to real operational processes.

  • Customer Trust and Security Questionnaire Support

  • Advise clients on customer security reviews, vendor assessments, and trust-related requests.

  • Help clients respond to security questionnaires, customer due diligence requests, and enterprise procurement reviews.

  • Support the development of reusable security and compliance response libraries.

  • Help clients use compliance and security posture to support sales, customer trust, and enterprise readiness.

  • Client Relationship Management

  • Own or support client relationships across multiple GRC and vCISO engagements.

  • Set clear expectations with clients regarding scope, timelines, responsibilities, and deliverables.

  • Identify client risks, blockers, and expansion opportunities.

  • Communicate engagement status, risks, and next steps clearly to both internal leadership and client stakeholders.

  • Ensure clients receive strategic advice, not just task completion.

Required Qualifications

  • Minimum 6 years of professional experience in GRC, cybersecurity compliance, security advisory, audit readiness, IT risk, internal audit, or a related field.

  • Minimum 4 years of management or team leadership experience.

  • Direct experience advising organizations on audited frameworks such as SOC 2 and ISO 27001.

  • Experience managing client-facing consulting engagements or advisory relationships.

  • Strong understanding of security controls, risk management, compliance frameworks, and audit processes.

  • Experience leading or supporting external audits, including evidence collection, control testing, auditor communications, and remediation.

  • Ability to explain complex security and compliance concepts to executives, founders, technical teams, and non-technical stakeholders.

  • Strong written and verbal communication skills.

  • Strong project management skills with the ability to manage multiple clients, deadlines, stakeholders, and team members.

  • Ability to work in person from Richmond, VA.

  • Willingness to attend in-person meetings with internal teams, clients, and leadership as required.

Compensation

The base salary for this role is $125,000 per year.

Additional compensation, benefits, bonus eligibility, and other incentives may be provided depending on company policy and candidate qualifications.

Similar jobs

Senior Manager GRC

Papa JohnsLouisville, KY· 3 wk ago
Managementapply on papajohns.wd1.myworkdayjobs.com

Senior Manager, Consulting

Dana-Farber Cancer InstituteBrookline, MA· 1 mo ago
Management$133k–$156k/yrapply on careers.dana-farber.org