Private Equity and Venture Capital Cybersecurity SME - Senior Manager

About The Position

Requirements

• Eight plus years of relevant experience in cybersecurity consulting, GRC, risk management, or compliance with meaningful direct experience serving private equity sponsors, venture capital firms, or PE-backed portfolio companies (level will map to experience).
• Bachelor’s degree in a related field is required.
• Demonstrated expertise across the PE/VC cybersecurity advisory lifecycle: pre-acquisition cyber due diligence (buy-side and sell-side), post-close 100-day security planning and portfolio company stand-up, and integration and carve-out cybersecurity workstreams.
• Framework implementation and operationalization: NIST CSF, ISO 27001/27002, SOC 2, CIS Controls.
• Familiarity with privacy and regulatory requirements common to PE portfolio company sectors (HIPAA, GDPR/CCPA, SOX ITGC, PCI DSS); deep privacy program build-out expertise is not required.
• Experience performing or leading: cybersecurity due diligence assessments for M&A transactions, rapid maturity uplift and 100-day security roadmap delivery, integration or carve-out cybersecurity workstreams, enterprise/security risk assessments, control design/testing, policy and standards development, compliance/regulatory readiness programs (especially SOX ITGC, SOC 2, HIPAA for portfolio companies).
• Exceptional written and verbal communication skills with a track record of producing executive-level deliverables.
• Proven ability to lead teams, manage timelines/budgets, and deliver in a client-facing environment.

Nice To Haves

• Certifications: CISM, CISSP, CRISC, CISA, ISO 27001 Lead Implementer/Lead Auditor.
• Direct experience working within a private equity or venture capital firm (in-house security, operating partner role, or embedded advisory).
• Experience supporting portfolio-wide cybersecurity programs across multiple simultaneous investments.
• Exposure to incident readiness, tabletop exercises, and crisis communications coordination with Legal/Comms.
• Experience supporting audits and assurance activities (SOC 2 readiness, ISO certification readiness, internal audit coordination).

Responsibilities

• Lead cybersecurity advisory engagements across the PE/VC deal lifecycle: pre-acquisition due diligence, post-close 100-day security planning, portfolio company maturity uplift, carve-out/stand-up, and exit readiness assessments.
• Conduct and manage cybersecurity due diligence assessments for buy-side and sell-side transactions: identify material risks, quantify cyber exposure, and deliver findings in deal-team-ready formats (red/yellow/green risk summaries, indemnification inputs, rep & warranty considerations).
• Design and operationalize cybersecurity governance models (policies, standards, risk appetite, committees, reporting KPIs/KRIs) scaled appropriately to portfolio company size and PE ownership model.
• Build and mature enterprise risk programs: risk assessments, risk registers, control libraries, and control testing approaches.
• Develop and implement security policies, standards, and procedures aligned to common frameworks (e.g., NIST CSF, ISO 27001/27002, CIS, SOC 2, CMMC, FedRAMP).
• Support regulatory readiness and compliance initiatives relevant to PE portfolio company sectors (e.g., SEC cyber disclosure rules, SOX ITGC for pre-IPO/public-co readiness, HIPAA for healthcare portfolio companies, PCI DSS, NYDFS 500, GDPR/CCPA where applicable).
• Develop investment-grade cybersecurity roadmaps and remediation plans tied to PE value-creation timelines; track progress against milestones and communicate status to operating partners and deal teams.
• Advise on cybersecurity integration and separation activities for M&A transactions: network segmentation, identity/access migration, data classification, Day 1 security controls, and TSA/ITSA cybersecurity workstreams.
• Perform vendor/third-party risk assessments and implement scalable TPRM operating models appropriate for PE-owned businesses.
• Coordinate cross-functional stakeholders (Legal, IT, Security, Compliance, Product, HR) to drive outcomes and adoption.
• Translate complex technical, regulatory, and privacy requirements into business-oriented recommendations.
• Deliver executive-ready artifacts tailored to PE/VC audiences: LP/board cybersecurity reporting, deal-team risk summaries, portfolio-wide security heatmaps, 100-day plan progress updates, and audit committee materials.
• Serve as a trusted advisor to senior leadership; confidently present findings and influence decisions.
• Contribute to go-to-market development: offerings, templates, accelerators, methodologies, and points of view.
• Support business development through proposal writing, SOW development, client presentations, and solution shaping.
• Mentor and develop consultants and managers; lead teams across multiple engagements while maintaining quality and delivery rigor.
• Partner with other CFGI service lines (Accounting Advisory, CFO Advisory, Technology Enablement) to deliver integrated solutions.

Benefits

• Competitive compensation
• benefits
• career growth trajectory