About the Role
Full-time, client-facing leadership role with a growing cybersecurity professional services practice. Overtime may be required to meet client deliverables. This person will lead security and compliance assessment engagements, manage project teams, and contribute to overall practice management. One of the following credentials is required: CISA, CISSP, or CPA.
What You''ll Do
- Lead projects, teams, and client relationships across compliance and assessment engagements (SOC reporting, PCI, HIPAA, ISO 27001, NIST 800-53/171, HITRUST, vendor privacy assurance, GDPR, and other risk-based work)
- Plan, execute, and close cybersecurity assessment and compliance projects tailored to each engagement''s scope
- Own a book of business with multiple concurrent projects, including scheduling and administration
- Draft and review audit reports describing procedures performed, testing results, control weaknesses, and risk exposure
- Document and test client information systems; recommend improvements to technology and infrastructure
- Verify that applications, infrastructure, and controls operate as intended
- Perform risk-based integrated reviews of financial, operational, systems, and management controls
- Build and maintain strong client and team relationships; support retention on both sides
- Coach, train, and develop junior staff; foster a collaborative team environment
- Perform detailed reviews of workpapers, reports, and proposals to ensure quality deliverables
- Execute hands-on technical work in complex areas when needed
- Travel to client sites as needed
Required Qualifications
- Bachelor''s in MIS, Cybersecurity, Accounting, Finance, or related field
- At least one of: CPA, CISA, or CISSP
- 4+ years in cybersecurity compliance, security assessment, or architecture design/review
- 2+ years of professional services experience at the senior level
- 1–3 years of supervisory/management experience
- Executive presence, strong writing and technical skills, and proven ability to mentor others
- Track record of delivering engagements on time and on budget
Preferred Qualifications
- MBA or MS
- Willingness to pursue additional certifications (CISM, ISO 27001 LA, PCI QSA, HITRUST CCSFP, etc.)
- Working knowledge of multiple security frameworks, application controls, and the SDLC
- Entrepreneurial, client-centric mindset; works well independently and on teams
- Extensive completed engagement history (25+ professional services projects preferred)
Determining compensation for this role (and others) at Vaco/Highspring depends upon a wide array of factors including but not limited to the individual’s skill sets, experience and training, licensure and certifications, office location and other geographic considerations, as well as other business and organizational needs. With that said, as required by local law in geographies that require salary range disclosure, Vaco/Highspring notes the salary range for the role is noted in this job posting. The individual may also be eligible for discretionary bonuses, and can participate in medical, dental, and vision benefits as well as the company’s 401(k) retirement plan. Additional disclaimer: Unless otherwise noted in the job description, the position Vaco/Highspring is filing for is occupied. Please note, however, that Vaco/Highspring is regularly asked to provide talent to other organizations. By submitting to this position, you are agreeing to be included in our talent pool for future hiring for similarly qualified positions. Submissions to this position are subject to the use of AI to perform preliminary candidate screenings, focused on ensuring minimum job requirements noted in the position are satisfied. Further assessment of candidates beyond this initial phase within Vaco/Highspring will be otherwise assessed by recruiters and hiring managers. Vaco/Highspring does not have knowledge of the tools used by its clients in making final hiring decisions and cannot opine on their use of AI products.