We are seeking an operational leader to drive the success of our CMMC GRC practice. In this role, you will bridge the
gap between strategic client goals and tactical execution. You will lead the CMMC readiness Service Delivery
Operations team and serve as the Lead vCISO for key accounts, providing high-level guidance to senior management.
You are responsible for the quality, efficiency, and consistency of our consulting output. You will guide Advisors and
Analysts to ensure deliverables are strategic, accurate, and impactful, while ensuring the team runs efficiently and
meets utilization targets.
Candidate must demonstrate the following values in their professional work:
● Demonstrate Integrity. To hold the highest standards of honesty and transparency.
● Be Collaborative. Cybersecurity is a collective endeavor, and we believe in fostering strong relationships.
● Think Strategic. To help our clients enhance their cybersecurity, they need a plan.
● Provide Clarity. Have the business acumen that allows a client to understand complex issues with clarity.
● Opportunity. Have a positive mindset and look at compliance and cybersecurity as an opportunity to improve
small businesses and unlock new business opportunities.
BASIC FUNCTIONS:
1. Service Delivery & Operational Management
● Team Oversight: Manage the daily workflow and performance of GRC Advisors, ensuring projects are delivered
on time and within scope.
● Quality Control (QC): Act as the final review gate for client deliverables (Risk Assessments, SSPs, Executive
Reports). Ensure all reports are polished, strategic, and error-free before they reach the client.
● Process Optimization: Develop and refine internal SOPs, templates, and consulting methodologies to improve
efficiency and consistency across the practice.
● Resource Management: Assign resources to projects based on technical fit and capacity; manage the schedule
for both on-site and remote engagements.
2. Strategic vCISO Advisory
● Executive Leadership: Act as the dedicated vCISO for clients, reporting directly to their Boards/C-Suites where
applicable to align security initiatives with business objectives.
● Strategic Roadmapping: Lead the development of long-term security strategies, bridging the gap between
current state (gap analysis) and desired future state.
● Crisis Management: Oversee the development of Incident Response (IR) and Business Continuity Plans
(BCP); facilitate tabletop exercises to validate client readiness.
3. Mentorship & Development
● Team Development: Provide technical guidance and mentorship to Advisors, helping them interpret regulations
(HIPAA, ISO 27001, CMMC, CIS v8) effectively.
● Training Evaluation: Evaluate the effectiveness of internal training programs and recommend adjustments to
keep the team sharp on emerging threats.
● Escalation Point: Serve as the primary point of escalation for complex technical or client-relationship issues.
4. Business & Vendor Strategy
● Vendor Risk Management: Develop and manage the firm’s Vendor Risk Management methodology for client
deployment.
● Client Onboarding: Assist sales and account management with scoping complex projects and ensuring a
smooth onboarding process for new clients.
● Market Awareness: Review industry publications to stay ahead of emerging threats and translate these trends
into actionable advice for clients.
KNOWLEDGE, SKILLS, AND/OR ABILITIES REQUIRED:
Technical Proficiency:
● Regulatory Expert: Deep, actionable knowledge of frameworks such as CMMC 2.0, NIST 800-53, HIPAA, ISO
27001, and CIS v8.
● GRC Tooling: Hands-on experience utilizing and optimizing GRC platforms (e.g., FutureFeed, IntelliGRC,
Drata) and ticketing systems.
● Risk Methodologies: Strong command of risk assessment principles (e.g., NIST 800-30).
Operational & Soft Skills:
● Business Acumen: Ability to translate technical risk into financial and operational impact for executive
audiences.
● Operational Leadership: Proven ability to organize schedules, manage project tickets, and match resources to
technical issues appropriately.
● Communication: Exceptional written and verbal communication skills; ability to command a room and "speak
the language" of the C-Suite.
EDUCATIONAL/VOCATIONAL/PREVIOUS EXPERIENCE REQUIREMENTS:
Required Education & Experience:
● 5+ years of experience in Cybersecurity, GRC (Governance, Risk, and Compliance), or Information Assurance.
● A minimum of 1 year of experience focused on CMMC (Cybersecurity Maturity Model Certification) or NIST 800-53 standards.
● 2+ years of experience in a team lead, management, or senior consultant role.
● Professional security certification required (e.g., CISSP, CISM, CISA, CRISC, or CMMC CCP).
● Bachelor’s degree in Cybersecurity, Information Technology, Business, or related experience.
Preferred:
● Experience working within an MSP or MSSP environment.
● Experience managing "Time and Materials" or "Retainer" based consulting teams.
● Competitive salary based on experience and qualifications.
● Health, vision, and dental benefits included.
● Performance based incentives.
● Generous bonus levels.
● Fun working environment and culture.
● Great opportunity for advancement.