Security Advisor

Join a technology services organization as a Security Advisor in a full-time, onsite role serving as a trusted, client-facing security and compliance partner embedded on a key account. This position helps leadership identify compliance risks and control gaps across infrastructure and application practices, conduct and document risk assessments for new and existing initiatives, and mature governance artifacts that support SOC 2 auditability aligned to NIST frameworks. You'll act as the security advisor supporting the Director, translating risk and compliance requirements into actionable priorities while partnering with engineering and operations teams to ensure remediation work is tracked, owned, and evidenced.

This is an exceptional opportunity for a CISA-certified professional to work in a high-impact, client-facing advisory role where you'll directly influence security and compliance strategy. Unlike purely audit-focused positions, this role combines strategic advisory work with hands-on risk assessments and governance maturity efforts. You'll have significant autonomy to lead risk assessments for new projects, material changes, and existing applications while producing leadership-ready outputs including risk narratives, remediation recommendations, and decision memos. The embedded nature of the role means you'll build deep relationships with client executives and technical teams, providing continuous guidance rather than periodic assessments. You'll contribute to and help mature critical compliance documentation including Incident Response Plans and Disaster Recovery documentation, gaining valuable experience across the full governance lifecycle. Working directly with the Director provides high visibility and opportunities to lead difficult prioritization conversations at the executive level. The role offers diverse technical exposure across infrastructure, applications, cloud patterns, and identity systems while deepening your expertise in NIST-aligned frameworks and SOC 2 audit readiness. With opportunities to facilitate tabletop exercises and establish repeatable audit evidence practices, you'll build enterprise-scale governance capabilities that are highly valued in the market.
Required Skills & Experience

• CISA certification (required)
• 5+ years in IT audit, GRC, compliance, or security advisory roles
• Demonstrated experience conducting risk assessments and documenting results for leadership audiences
• Working knowledge of NIST-aligned control frameworks such as NIST CSF or NIST 800-53 concepts
• Understanding of how NIST frameworks relate to audit evidence requirements
• Strong writing skills with ability to produce crisp plans, policies, procedures, and executive summaries
• Comfortable engaging with client executives and leading difficult prioritization conversations
• Experience performing control gap assessments across infrastructure, operational processes, and application/security practices
• Ability to map findings to control frameworks and audit readiness expectations
• Experience producing risk narratives, remediation recommendations, and decision memos
• Strong analytical and problem-solving skills
• Excellent communication skills for technical and non-technical audiences
• Ability to work onsite full-time

Desired Skills & Experience

• Experience supporting SOC 2 readiness or audit (internal prep or external audit support)
• Familiarity with secure SDLC concepts and common cloud/identity patterns
• Azure cloud platform familiarity
• Experience facilitating tabletop exercises and operational readiness reviews
• Additional certifications such as CISM, CRISC, or CISSP
• Experience with evidence collection and audit evidence matrices
• Disaster recovery planning and testing experience
• Incident response planning and execution
• Experience working in embedded or advisory capacities with clients
• Understanding of identity and access management patterns
• Knowledge of common application security practices

What You Will Be Doing
Tech Breakdown

• 35% Risk Assessments (new projects, material changes, existing applications)
• 30% Control Gap Assessments (infrastructure, processes, application/security practices)
• 20% Governance Documentation (policies, plans, procedures, evidence matrices)
• 15% Client Advisory and Collaboration (executive engagement, prioritization, remediation tracking)

Daily Responsibilities

• 45% Advisory and Assessment Work (risk assessments, gap analyses, control mapping)
• 35% Documentation and Reporting (risk narratives, recommendations, governance artifacts)
• 20% Collaboration and Engagement (client meetings, remediation tracking, team coordination)