Security and Compliance Consultant

Remote, USA Full-time
Cyber74, the strongest element in cybersecurity. We’re an advanced Managed Security Services Provider (MSSP) serving small and medium sized businesses across North America. We deliver a best-in-class advanced security program with common sense and clarity. Offering over 50 types of comprehensive cybersecurity protection, we partner with organizations to elevate their entire security standing and IT infrastructure – ensuring they’re protected from today’s most sophisticated cybersecurity threats. What makes us different and why is this the right team for you? Find out.

(Please note: Every application submitted through Workday is reviewed by a real person, not an AI. We value your time and take each submission seriously.)

Summary

The vCISO and Compliance Consultant will be responsible for providing virtual Chief Information Security Officer (vCISO) services and leading information security governance, risk, and compliance initiatives for Cyber74 and New Charter Technologies Operating Company clientele. In this role, the vCISO and Compliance Consultant will help clients define and implement security strategies, roadmaps, policies, and governance structures while also performing cybersecurity readiness assessments, gap analyses, and maturity assessments using frameworks such as CMMC, the NIST Cybersecurity Framework (NIST CSF), HIPAA, and supporting standards including NIST 800-171. In addition to security program leadership and compliance oversight, the vCISO and Compliance Consultant will provide clear, actionable recommendations to clients and collaborate with Operating Company colleagues to share security trends, risks, and best practices.

Primary Responsibilities

• Working under general supervision, the vCISO and Compliance Consultant will guide clients in the development and ongoing management of their information security programs while monitoring, managing, and closing compliance issues to ensure alignment with applicable standards and regulations.
• In carrying out these functions, the vCISO and Compliance Consultant will identify, evaluate, and interpret regulatory, statutory, and customer security requirements, control deficiencies, and information security risks, and translate them into prioritized program initiatives.
• Serve as a virtual CISO for assigned clients, providing leadership in the development of security strategy, governance structures, and multi-year security roadmaps aligned to business goals and risk appetite.
• Engage with clients and conduct cybersecurity readiness assessments, gap analyses, and maturity assessments using frameworks such as CMMC, NIST CSF, HIPAA, and related standards (including NIST 800-171 and NIST 800-53), and translate the results into program and project plans.
• Consult with executive and technical stakeholders to understand key business, regulatory, and security challenges, and provide pragmatic recommendations that balance risk reduction, cost, and operational impact.
• Develop, review, and refine client security policies, standards, and procedures, ensuring consistency with leading practices and alignment with contractual, regulatory, and customer requirements.
• Support clients in establishing and maintaining governance mechanisms such as security steering committees, risk registers, exception and waiver processes, and formal risk acceptance documentation.
• Prepare and deliver client-facing security reporting, including executive summaries, board-level updates, and status reports on remediation and compliance initiatives.
• Provide oversight for remediation activities arising from assessments, audits, and incidents by prioritizing efforts, tracking progress, and validating that controls are implemented and operating as intended.
• Maintain in-depth knowledge of security regulatory compliance requirements—with particular emphasis on CMMC, NIST CSF, and HIPAA—and translate those into practical control requirements and process improvements for clients.
• Articulate and defend IT and security controls, testing approaches, and remediation strategies to both technical and non-technical audiences, including regulators, auditors, and customers when required.
• Collaborate with Cyber74 and New Charter Technologies Operating Company stakeholders and personnel to share security knowledge, vulnerability and threat trends, program maturity observations, and analysis findings that can improve the broader security posture.

Skills & Experience

• Experience in information security leadership and compliance-focused roles with 2–4+ years of experience performing security program management, technical security audits, and risk assessments.
• Experience implementing and assessing controls aligned to CMMC, NIST CSF, HIPAA, and related frameworks and standards (e.g., NIST 800-171, NIST 800-53, ISO 27001).
• Experience performing cybersecurity readiness and maturity assessments, including those aligned with CMMC, NIST CSF, and HIPAA security/privacy requirements.
• Experience with other compliance frameworks (e.g., SOC, SOX, GDPR, FFIEC, PCI, or similar) is a plus.
• Experience in creating Supplier Performance Risk Scores (SPRS)
• Experience with other compliance frameworks (SOC, SOX, GDPR, FFIEC, etc.) is a plus
• Minimum 1+ years’ experience with cloud-based concepts with an emphasis on development and auditing AWS or Azure controls
• Well-rounded expertise and exposure to various security technologies, including Anti-Virus, Endpoint Detection and Response (EDR), Data Loss Prevention, Intrusion Prevention, Application Whitelisting, etc.
• Experienced at assessing on-premise systems, enterprise SaaS, and cloud offerings, including various infrastructure platforms such as Active Directory, Windows, Linux, etc.
• Strong working knowledge of network firewalls, switches, routers, and endpoints
• Experience working with network scanning tools such as Tenable Nessus, Qualys, or Rapid-fire Tools
• Technical knowledge of network design, cloud platform architecture, and experience with information security governance programs and control framework concepts, particularly the NIST cybersecurity framework
• Strong EQ with the ability to develop rapport and provide technical security and risk-related to technical and non-technical audiences
• Must be able to influence without authority, innovate to tackle tough problems, and communicate clearly to all levels of the organization
• Ability to thrive in a supportive, result-oriented community and are committed to the relentless pursuit of continuous growth
• Ability to coordinate multiple tasks and competing demands while working with clients, management, and project resources.
• Starting Salary of $95,000 annual and up Dependent on Experience.

Preferred Certifications (One or More certifications of the following)

• Certified Information Systems Auditor (CISA)
• Certified in Risk and Information Systems Control (CRISC)
• GIAC Security Essentials (GSEC)
• Certified Information Security Manager (CISM)
• Certified Information Systems Security Professional (CISSP)
• CMMC Certified Professional (CCP)
• CMMC Assessor (CCA)
• Certified Ethical Hacker (CEH)
• A+
• Network+
• Security+

Preferred Attributes

• Highly organized and process driven, with the ability to bring structure to client security programs.
• Affinity for technology and an interest in staying current with evolving threats, tools, and best practices.
• Strong integrity with the ability to work in a highly confidential and trustworthy manner.
• Collaborative and flexible with a consultative mindset, comfortable working across multiple Operating Companies and stakeholder groups.
• Precise and detailed, delivering consistently high-quality written and verbal deliverables.
• Comfortable balancing tactical tasks and strategic planning, and knowing when to focus on each for maximum client value.
• Strong desire to learn, grow, and follow direction while also taking initiative to move work forward.
• Skilled in interfacing directly with clients and cultivating a long-term trusted advisor relationship with them.
• Servant-hearted with a focus on improving the lives and security posture of our customers in every action and interaction.

Cyber74, a New Charter Company, is committed to creating an inclusive environment and is proud to be an equal opportunity employer. Cyber74 recruits, employs, trains, compensates, and promotes regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.