Compliance Team Lead

About The Position

Requirements

• 3–5+ years of hands-on experience personally executing engagements across SOC 2 (Type I & II), ISO 27001, and/or PCI DSS — not just program oversight
• Demonstrated ability to independently run a compliance engagement end-to-end: scoping, gap analysis, control mapping, evidence collection, and audit preparation
• Proven ability to write information security policies, risk assessments, and audit evidence packages from scratch

Nice To Haves

• Experience in a managed services or consulting environment strongly preferred
• Familiarity with GRC platforms, particularly IntelliGRC (Cyber74's platform of record); experience with Drata, Vanta, Tugboat Logic, or similar tools also valued
• Exposure to HIPAA, NIST CSF, or CMMC is a bonus
• Relevant certifications are a plus: CISA, CRISC, CISSP, CISM, or ISO 27001 Lead Auditor/Implementer
• Strong project management skills with the ability to manage multiple concurrent client engagements independently
• Excellent written and verbal communication skills, including the ability to present technical topics to non-technical stakeholders and executives
• A practitioner at heart — energized by doing the work, not just managing it
• Proven ability to build from scratch: frameworks, processes, and templates in environments where they don't yet exist
• Detail-oriented and process-driven, with a strong commitment to quality and consistency across every client deliverable
• Self-motivated and comfortable working independently in a remote or hybrid environment
• Collaborative and adaptable, able to work across teams and adjust to evolving client needs
• Growth mindset with an interest in developing new compliance capabilities over time
• Comfortable engaging at the executive level and translating compliance requirements into clear business language

Responsibilities

• Personally lead and execute compliance engagements for clients — this is a doing role, not just a directing role
• Serve as the primary hands-on point of contact for client compliance work, managing engagement delivery from kickoff through audit readiness
• Conduct gap analyses, readiness assessments, and risk reviews directly with clients, identifying control deficiencies and building actionable remediation roadmaps
• Develop, write, and maintain client-facing policies, procedures, and control documentation — producing real deliverables, not just reviewing others' work
• Help build and continuously refine Cyber74's internal compliance frameworks, service delivery methodology, templates, and playbooks from the ground up
• Mentor and guide junior compliance staff, reviewing their work and supporting their development without offloading core client responsibilities
• Collaborate with internal security engineers and vCISO team members to deliver integrated security and compliance solutions
• Track regulatory and framework updates to keep client programs current and audit-ready
• Support business development by contributing to proposals, scoping conversations, and client presentations based on direct subject matter expertise

Benefits

• growth and learning initiatives
• employee benefits
• company innovation