Managing Consultant – Cybersecurity Compliance
RISCPoint · United States
- Hybrid
- Full-time
- $150,000 / year
- United States
Job highlights
- Lead cybersecurity compliance engagements.
- Manage client relationships and project delivery.
- Utilize GRC platforms like Vanta, Drata.
- Mentor and develop consulting staff.
- Drive growth and service innovation.
About the role
About RISCPoint
RISCPoint is a cybersecurity consulting firm specializing in helping organizations navigate complex compliance frameworks such as FedRAMP, SOC 2, ISO 27001, and HITRUST. Our team is made up of former assessors, auditors, and industry experts who deliver tailored, high-quality engagements designed to meet each client’s unique needs. We take a collaborative, “white-glove” approach that prioritizes both technical excellence and client experience. With rapid growth and a reputation for trusted expertise, RISCPoint partners with leading cloud service providers, technology companies, and enterprises across industries. Join us and be part of a team that is shaping the future of cybersecurity compliance.
Position Overview
The Managing Consultant – Cybersecurity Compliance is responsible for leading cybersecurity compliance and assurance engagements across frameworks such as SOC 1, SOC 2, ISO 27001, HITRUST, and HIPAA while overseeing engagement delivery, client relationships, and consultant development activities. This role serves as a primary point of contact for clients and is responsible for managing multiple concurrent engagements, providing strategic compliance guidance, reviewing project work products, and ensuring high-quality service delivery in alignment with RISCPoint Advisory Group standards. The ideal candidate brings strong consulting and project leadership experience, the ability to mentor and develop team members, and a client-focused mindset capable of supporting both technical and executive stakeholders.
Key Responsibilities
- Lead SOC 2 audit engagements utilizing GRC and compliance automation platforms such as Vanta and Drata to streamline evidence collection, control monitoring, and audit coordination activities.
- Configure, review, and manage compliance workflows within GRC platforms, including control mapping, evidence review, personnel task tracking, and auditor request coordination.
- Work directly with clients and external auditors to facilitate efficient SOC 2 audit execution through automated evidence collection processes and platform-based collaboration.
- Lead and oversee cybersecurity compliance and assurance engagements across frameworks including SOC 1, SOC 2, ISO 27001, HITRUST, HIPAA, and related regulatory or industry standards.
- Manage multiple concurrent client engagements, project teams, timelines, budgets, and delivery expectations across cybersecurity compliance and assurance services.
- Serve as the primary engagement lead and trusted advisor for client accounts, including executive-level communications, escalations, and strategic guidance.
- Facilitate client workshops, interviews, and discovery sessions with technical and business stakeholders to gather information regarding security controls, policies, procedures, and operational practices.
- Perform gap assessments, readiness assessments, and control evaluations against applicable framework requirements and industry-leading practices.
- Develop, review, and maintain security and compliance documentation including policies, procedures, risk assessments, system descriptions, control narratives, and related supporting artifacts.
- Provide practical and risk-based remediation guidance to clients to address identified control gaps, deficiencies, and process improvement opportunities.
- Oversee engagement execution and coordinate directly with client stakeholders to manage timelines, risks, escalations, and overall client satisfaction.
- Support audit and assessment activities by assisting clients with evidence collection, walkthrough preparation, auditor coordination, and response management.
- Review client environments and processes to identify compliance risks, operational inefficiencies, and opportunities to improve security posture and program maturity.
- Review and approve consultant work products, deliverables, risk assessments, and client-facing documentation to ensure quality and consistency.
- Manage, mentor, and develop consultants and senior consultants through coaching, technical guidance, quality reviews, and performance feedback.
- Assist practice leadership with resource planning, engagement staffing, utilization management, and service delivery operations.
- Support business development activities including proposal development, scoping discussions, client presentations, and sales support efforts.
- Contribute to the growth and maturity of the practice through process improvement initiatives, methodology development, training programs, and service innovation.
- Participate in client presentations and executive discussions by delivering clear, professional, and business-focused communication regarding compliance and security matters.
- Maintain current knowledge of cybersecurity, compliance, privacy, and assurance trends, standards, and emerging regulatory requirements.
Qualifications
- Bachelor’s or Master’s degree in Information Security, Computer Science, or a related field, or an equivalent combination of relevant education and work experience.
Experience
- 6–8+ years of experience supporting or leading cybersecurity compliance, risk, or assurance engagements within a consulting, audit, or advisory environment.
- Hands-on experience supporting SOC 1 and SOC 2 assessments, including readiness activities, evidence collection, control testing support, and auditor coordination.
- Experience working with security and compliance frameworks such as SOC 1, SOC 2, ISO 27001, HITRUST, HIPAA, NIST CSF, or related industry standards.
- Experience utilizing GRC and compliance automation platforms such as Vanta and Drata in support of SOC 2 audits and ongoing compliance operations.
- Experience managing client engagements, project teams, and delivery timelines within a professional services or consulting environment.
- Experience mentoring, coaching, or supervising consultants or junior team members.
- Ability to facilitate client meetings, workshops, and discovery sessions with both technical and non-technical stakeholders.
- Experience developing and maintaining security and compliance documentation including policies, procedures, risk assessments, control narratives, and supporting evidence artifacts.
- Strong understanding of information security concepts including access management, logging and monitoring, vulnerability management, change management, vendor risk management, and incident response.
- Experience coordinating project tasks, managing timelines, tracking deliverables, and communicating status updates within a client-facing consulting environment.
- Strong written and verbal communication skills with the ability to present complex compliance and security concepts in a professional and business-friendly manner.
- Ability to independently manage multiple engagements and priorities in a fast-paced consulting environment while maintaining attention to detail and quality.
- Experience participating in business development, proposal support, or client account management activities is preferred.
- Experience working within cloud-based environments such as AWS, Azure, or Google Cloud Platform is preferred.
Certifications
- Relevant industry certifications such as Security+, CISSP, CISA, CRISC, ISO 27001 Lead Implementer/Auditor, HITRUST CCSFP, or similar certifications are preferred.
Skills
- Strong understanding of cybersecurity and compliance frameworks including SOC 1, SOC 2, ISO 27001, HITRUST, and HIPAA.
- Experience utilizing GRC and compliance automation platforms such as Vanta and Drata.
- Strong leadership and team management skills with the ability to mentor, develop, and oversee consulting staff.
- Excellent written and verbal communication skills with the ability to work effectively with both technical and executive stakeholders.
- Strong organizational and project management skills with the ability to manage multiple client engagements and deadlines simultaneously.
- Ability to perform compliance assessments, identify control gaps, and provide practical remediation guidance within client environments.
Compensation & Benefits
- Generous Salary + Bonus
- Company Paid Health Insurance
- Company Paid Dental Insurance
- Company Paid Vision Insurance
- Company Paid Life Insurance
- 401k with 3% Company Contribution (Traditional & Roth Options)
- Generous Vacation Policy
Key skills/competency
- Cybersecurity Compliance
- SOC 2 Audits
- ISO 27001
- HITRUST
- HIPAA
- GRC Platforms (Vanta, Drata)
- Risk Assessment
- Consulting
- Project Management
- Client Relationship Management
Skills & topics
- Cybersecurity Consultant
- Compliance Consultant
- SOC 2
- ISO 27001
- HITRUST
- HIPAA
- GRC
- Vanta
- Drata
- Risk Management
- IT Audit
- Information Security
- Cybersecurity
- Consulting
- Management
- Client Relations
How to get hired
- Tailor your resume: Highlight relevant cybersecurity compliance, audit, and GRC platform experience. Use keywords from the job description.
- Showcase leadership: Emphasize experience leading engagements, managing teams, and mentoring consultants.
- Quantify achievements: Use numbers to demonstrate impact in managing projects, client satisfaction, or process improvements.
- Prepare for interviews: Be ready to discuss your experience with SOC 2, ISO 27001, HITRUST, HIPAA, and GRC tools like Vanta or Drata.
- Research RISCPoint: Understand their client-focused, collaborative approach and their specialization in cybersecurity compliance.
Frequently asked questions
- What are the primary cybersecurity compliance frameworks handled by RISCPoint?
- RISCPoint specializes in helping organizations navigate complex compliance frameworks such as FedRAMP, SOC 2, ISO 27001, and HITRUST. The Managing Consultant – Cybersecurity Compliance leads engagements across SOC 1, SOC 2, ISO 27001, HITRUST, and HIPAA, as well as related regulatory and industry standards.
- What GRC and compliance automation platforms does RISCPoint utilize?
- RISCPoint leverages GRC and compliance automation platforms like Vanta and Drata to streamline evidence collection, control monitoring, and audit coordination activities. Experience with these or similar platforms is highly valued for this role.
- What is the expected experience level for a Managing Consultant at RISCPoint?
- The role typically requires 6-8+ years of experience in cybersecurity compliance, risk, or assurance engagements, preferably within a consulting or advisory environment. Experience in leadership and client management is also crucial.
- Are specific certifications required for the Managing Consultant – Cybersecurity Compliance role at RISCPoint?
- While not strictly required, relevant industry certifications such as Security+, CISSP, CISA, CRISC, ISO 27001 Lead Implementer/Auditor, or HITRUST CCSFP are preferred and can significantly strengthen an application.
- What are the key client-facing responsibilities for this role?
- As a primary engagement lead and trusted advisor, you will manage client relationships, conduct workshops and interviews, provide strategic compliance guidance, and communicate with executive-level stakeholders. This includes managing escalations and ensuring high-quality service delivery.
- Does RISCPoint offer opportunities for professional development and growth within the practice?
- Yes, RISCPoint emphasizes consultant development through coaching, technical guidance, and quality reviews. The role also contributes to practice growth through process improvement, methodology development, and service innovation.
- What is the typical work arrangement for a Managing Consultant at RISCPoint?
- The listing describes the position as hybrid and full-time, based in the United States. Consulting roles of this kind typically combine remote work with client-site visits; the specific balance would be discussed during the interview process.