Security and Compliance Consultant

Remote Full-time
We believe talent deserves a human touch. Your application will be read by an actual person who’s excited to discover the real you.

Summary

The vCISO and Compliance Consultant will be responsible for providing virtual Chief Information Security Officer (vCISO) services and leading information security governance, risk, and compliance initiatives for Cyber74 and New Charter Technologies Operating Company clientele. In this role, the vCISO and Compliance Consultant will help clients define and implement security strategies, roadmaps, policies, and governance structures while also performing cybersecurity readiness assessments, gap analyses, and maturity assessments using frameworks such as CMMC, the NIST Cybersecurity Framework (NIST CSF), HIPAA, and supporting standards including NIST 800-171. In addition to security program leadership and compliance oversight, the vCISO and Compliance Consultant will provide clear, actionable recommendations to clients and collaborate with Operating Company colleagues to share security trends, risks, and best practices.

Primary Responsibilities

• Working under general supervision, the vCISO and Compliance Consultant will guide clients in the development and ongoing management of their information security programs while monitoring, managing, and closing compliance issues to ensure alignment with applicable standards and regulations.
• In carrying out these functions, the vCISO and Compliance Consultant will identify, evaluate, and interpret regulatory, statutory, and customer security requirements, control deficiencies, and information security risks, and translate them into prioritized program initiatives.
• Serve as a virtual CISO for assigned clients, providing leadership in the development of security strategy, governance structures, and multi-year security roadmaps aligned to business goals and risk appetite.
• Engage with clients and conduct cybersecurity readiness assessments, gap analyses, and maturity assessments using frameworks such as CMMC, NIST CSF, HIPAA, and related standards (including NIST 800-171 and NIST 800-53), and translate the results into program and project plans.
• Consult with executive and technical stakeholders to understand key business, regulatory, and security challenges, and provide pragmatic recommendations that balance risk reduction, cost, and operational impact.
• Develop, review, and refine client security policies, standards, and procedures, ensuring consistency with leading practices and alignment with contractual, regulatory, and customer requirements.
• Support clients in establishing and maintaining governance mechanisms such as security steering committees, risk registers, exception and waiver processes, and formal risk acceptance documentation.
• Prepare and deliver client-facing security reporting, including executive summaries, board-level updates, and status reports on remediation and compliance initiatives.
• Provide oversight for remediation activities arising from assessments, audits, and incidents by prioritizing efforts, tracking progress, and validating that controls are implemented and operating as intended.
• Maintain in-depth knowledge of security regulatory compliance requirements—with particular emphasis on CMMC, NIST CSF, and HIPAA—and translate those into practical control requirements and process improvements for clients.
• Articulate and defend IT and security controls, testing approaches, and remediation strategies to both technical and non-technical audiences, including regulators, auditors, and customers when required.
• Collaborate with Cyber74 and New Charter Technologies Operating Company stakeholders and personnel to share security knowledge, vulnerability and threat trends, program maturity observations, and analysis findings that can improve the broader security posture.

Skills & Experience

• Experience in information security leadership and compliance-focused roles with 2–4+ years of experience performing security program management, technical security audits, and risk assessments.
• Experience implementing and assessing controls aligned to CMMC, NIST CSF, HIPAA, and related frameworks and standards (e.g., NIST 800-171, NIST 800-53, ISO 27001).
• Experience performing cybersecurity readiness and maturity assessments, including those aligned with CMMC, NIST CSF, and HIPAA security/privacy requirements.
• Experience with other compliance frameworks (e.g., SOC, SOX, GDPR, FFIEC, PCI, or similar) is a plus.
• Experience in creating Supplier Performance Risk Scores (SPRS)
• Experience with other compliance frameworks (SOC, SOX, GDPR, FFIEC, etc.) is a plus
• Minimum 1+ years’ experience with cloud-based concepts with an emphasis on development and auditing AWS or Azure controls
• Well-rounded expertise and exposure to various security technologies, including Anti-Virus, Endpoint Detection and Response (EDR), Data Loss Prevention, Intrusion Prevention, Application Whitelisting, etc.
• Experienced at assessin
