
Senior vCISO/GRC Consulting Manager

Job in Richmond, Henrico County, Virginia, 23214, USA
Listing for: Achilleion
Full Time position
Listed on 2026-06-10
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, IT Consultant, IT Project Manager
Salary/Wage Range or Industry Benchmark: 125000 USD Yearly
Job Description & How to Apply Below
Position: Senior vCISO / GRC Consulting Manager

Agency Cybersecurity is a fast-growing, venture-backed startup that provides best‑in‑class cybersecurity and compliance. Our software and services simplify complex compliance frameworks including SOC 2, ISO 27001, HIPAA, and others, empowering businesses to scale securely and confidently. We are backed by top-tier investors like Y Combinator and have offices in NYC, Boston, Richmond, and London.

About the Role

We are seeking a Senior vCISO / GRC Consulting Manager to lead client‑facing cybersecurity, governance, risk, and compliance engagements for organizations pursuing or maintaining security frameworks such as NIST 800‑171, 800‑53, or CMMC, as well as experience with SOC 2, ISO 27001, and related trust and security standards. This is an in‑person consulting leadership role based in Richmond, VA. The Senior vCISO will work directly with clients, internal delivery teams, and company leadership to provide hands‑on advisory support, manage GRC engagements, and lead a team responsible for delivering high‑quality cybersecurity and compliance services.

The Senior vCISO will serve as a strategic advisor to clients, helping them understand their security and compliance obligations, prioritize risk, prepare for audits, implement practical controls, and build scalable security programs. This person will also manage a team of GRC consultants, analysts, and implementation specialists responsible for delivering client work.

The ideal candidate has at least 6 years of professional experience in GRC, cybersecurity compliance, audit readiness, or related advisory work, including at least 4 years in a management or team leadership role. This person should be comfortable advising executives, managing client relationships, leading teams, working with auditors, and translating complex security and compliance requirements into clear business actions.

Key Responsibilities

Client Advisory and vCISO Leadership
  • Serve as a trusted vCISO advisor to clients across cybersecurity, governance, risk, and compliance matters.
  • Provide practical guidance to executive teams, founders, security leaders, IT teams, and business stakeholders.
  • Help clients understand what they need to do to improve security, pass audits, reduce risk, and satisfy customer requirements.
  • Advise clients on security program design, risk prioritization, compliance strategy, policy development, and control implementation.
  • Lead client meetings, executive briefings, audit readiness sessions, and risk review discussions.
  • Translate technical and compliance requirements into clear, business‑friendly recommendations.
GRC and Compliance Program Delivery
  • Lead client engagements related to SOC 2, ISO 27001, and other audited security frameworks.
  • Develop and manage compliance roadmaps, audit readiness plans, and remediation timelines for clients.
  • Guide clients through the full lifecycle of compliance readiness, including scoping, gap assessments, control implementation, evidence collection, audit support, and ongoing maintenance.
  • Help clients determine the right level of security and compliance maturity for their size, industry, customer expectations, and business goals.
  • Ensure compliance programs are practical, defensible, and not unnecessarily burdensome.
Audit Readiness and Framework Management
  • Lead SOC 2 Type 1 and Type 2 readiness initiatives for clients.
  • Support ISO 27001 implementation, certification preparation, surveillance audit readiness, and continuous improvement.
  • Coordinate with external auditors, assessors, client stakeholders, and internal delivery teams.
  • Review audit evidence, control documentation, risk registers, policies, and remediation plans.
  • Help clients understand audit findings and develop clear plans to address gaps.
  • Maintain strong working knowledge of SOC 2 Trust Services Criteria, ISO 27001 requirements, and common security control expectations.
Team Management and Delivery Oversight
  • Manage a team of GRC consultants, analysts, and implementation resources.
  • Assign work, oversee deliverables, manage deadlines, and ensure consistent quality across client engagements.
  • Coach and mentor team members on GRC consulting, client communication, audit readiness, and control…
Position Requirements
10+ Years work experience