Client IT Compliance Consultant

Overview

Hybrid
$55 - $75
Contract - Independent
Contract - W2
Contract - 4 Month(s)

Skills

Business Continuity Planning
Information Security
Information Security Management
Policies and Procedures
Regulatory Compliance
ISO/IEC 27001:2005

Job Details

NO H1S OR 3RD PARTIES.

THIS ROLE IS BASED IN NEW YORK CITY.

ROLE DESCRIPTION

The Senior Client Compliance Consultant plays a vital role in managing all client-facing compliance activities for the firm. This includes organizing due diligence responses, tracking compliance timelines, preparing policy documentation, and communicating key regulatory developments. The successful candidate will possess strong writing and presentation skills, an understanding of security and regulatory frameworks, and a proactive, organized, and client-oriented mindset.

 

KEY RESPONSIBILITIES

Client Due Diligence & Requests

Coordinate incoming and outgoing due diligence questionnaires, vendor assessments, and security documentation from clients and partners.

Maintain a repository of compliance materials and coordinate subject matter expert (SME) involvement to complete responses.

Ensure timely and complete delivery of all compliance documentation.

 

Compliance Calendar & Operational Coordination

Work with clients to create and maintain IT Compliance Calendars that cover their IT-related compliance considerations, including:

o Annual security reviews

o Annual disaster recovery and business continuity plan testing

o Annual policy and control reviews

o Annual cyber security testing

o Annual vendor reviews

o Annual penetration testing

o Coordination and planning of tabletop exercises

o Regulatory deadlines and attestations

o ISO 27001 Program including key activities, internal and external audit, and InfoSec meetings

Schedule and track progress of key compliance activities, engaging relevant stakeholders.

 

Regulatory Monitoring & Trend Response

Monitor changes in client-relevant regulatory environments (e.g., SEC, NY SHIELD Act, ISO 27001).

Identify trends and communicate legislative developments to clients and internal teams.

Assist in developing strategies and action plans to ensure client readiness.

 

Policy Documentation & Best Practice Alignment

Lead the onboarding process for client compliance documentation, including drafting baseline policies and procedures.

Work with the technical teams to support critical client IT processes (on/off boarding, change management, etc.)

Review client policies and ensure alignment with regulatory standards and best practices.

Identify documentation gaps and propose remediation.

For the ISO 27001 Program:

o Draft, maintain, and manage internal information security policies and procedures in alignment with ISO 27001 controls and Annex A requirements.

o Oversee version control, policy review cycles, and internal approvals.

o Ensure policies remain current with changes in business operations, risk posture, and industry standards.

o Coordinate and document policy acceptance and training efforts across the firm.

 

Stakeholder Communication & Presentation

Deliver briefings and presentations to internal teams and external clients on compliance posture, regulatory changes, and project milestones.

Translate complex compliance issues into clear, actionable language suitable for business and technical audiences.

TRAVEL/JOB EXPECTATIONS

Occasional travel to office in NY and client sites, as required.

Adherence to the Information Security Management System (ISMS) framework:

o The ISMS consists of processes and controls to manage the firm's data security with a goal of protecting the confidentiality, integrity, and availability of information assets for clients and of company

o Personnel are expected to contribute continuously to the ISMS framework by:

Reporting incidents, events, and potential threats

Identifying weaknesses within the ISMS and reporting them

Providing recommendations for improvement for both the security infrastructure and related operating procedures

o Personnel should recognize the implications of non-conformance

This job description is not intended to cover or describe all the tasks, duties, and responsibilities that may be required, nor does it constitute an offer of employment.

 

REQUIRED QUALIFICATIONS

Bachelor's degree in Business, Law, Information Security, or a related discipline.

Minimum 5 years of experience in compliance, information security, risk, or regulatory affairs.

Demonstrated ability to manage projects and meet deadlines across multiple stakeholders.

Excellent grammar, writing, and verbal communication skills; strong attention to detail.

Familiarity with relevant regulatory and security frameworks (e.g., ISO 27001, SOC 2, HIPAA, NY SHIELD Act, SEC/FINRA).

Ability to interpret and summarize legal and regulatory changes for a professional audience.

DESIRED QUALIFICATIONS

Experience in IT consulting, SaaS, or professional services environments.

Prior supervisory experience.

Professional certifications such as CISA, CIPM, or CIPP.

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.