Risk Senior Manager

SC&H Group External
Columbia, MD
9h
$140,000 - $175,000

About The Position

SC&H's Risk Practice is seeking a Senior Manager to lead and grow our service line with a strong focus on security-related consulting, including SOC (SSAE 18), ISO/IEC 27001, and ISO/IEC 42001 engagements. The ideal candidate combines sales/business development acumen, team leadership, and deep delivery expertise to shape client outcomes, scale practices, and develop high-performing teams. This role includes measurable growth responsibilities, client oversight, and engagement leadership across highly regulated and high-growth industries.

Work You'll Do:

Business Development & Growth (40%)

  • Own a personal book-of-business growth target; lead opportunity pursuit from prospecting through close (RFPs, proposals, orals, scoping, pricing).
  • Build and manage an opportunity pipeline across SOC (1/2/3), readiness, ISO 27001 ISMS implementation/assessments, ISO 42001 (AI Management System) readiness/certification guidance, and security program advisory.
  • Develop go-to-market (GTM) offerings, thought leadership, and partner/alliances; collaborate with Marketing on campaigns and events.
  • Expand client relationships at the CISO, CIO, CTO, CAE, CFO levels; lead cross-sell with Assurance, Tax, and other Cyber/Technology teams.

Engagement Leadership & Delivery (40%)

  • Lead SOC (SSAE 18) readiness and examination projects (SOC 1 Type 1/2, SOC 2 Type 1/2, SOC 3), including scoping, testing strategy, and report quality.
  • Lead ISO/IEC 27001 implementations (ISMS design, risk assessment, controls, internal audits, certification readiness) and ISO/IEC 42001 readiness/implementation for AI governance.
  • Oversee delivery quality, risk, and timelines across multiple concurrent engagements; ensure methodology compliance and audit defensibility.

People Leadership & Practice Management (20%)

  • Manage, coach, and develop a team of managers/seniors/associates; lead staffing, utilization, and performance.
  • Champion a collaborative, inclusive, and learning-oriented culture; provide timely feedback and career guidance.
  • Strengthen delivery playbooks, templates, and accelerators; contribute to practice P&L hygiene (pricing discipline, margin, WIP/AR, scope management).

Requirements

  • 8–12+ years of progressively responsible experience in public accounting, consulting, or a comparable risk/security practice.
  • Proven track record in SOC (SSAE 18) readiness and examinations (SOC 1/SOC 2), including planning, testing, supervision, and reporting.
  • Hands-on experience with ISO/IEC 27001 (ISMS design/implementation, internal audit, certification readiness) and familiarity with ISO/IEC 42001 (AI Management System) frameworks and AI governance concepts.
  • Demonstrated sales/business development success (pipeline creation, proposals/orals, solutioning, closing) and account growth.
  • People leadership experience: managing teams, setting priorities, and developing talent across multiple engagements.
  • Strong understanding of security and IT risk domains (identity and access, change/configuration, secure engineering, vendor risk, cloud controls, incident response, logging/monitoring, data governance, AI governance).
  • Excellent client communication, executive presence, and stakeholder management skills.
  • Prior practice-building responsibilities (offerings, pricing models, partner alliances).
  • Bachelor’s degree in Accounting, Information Systems, Computer Science, Cybersecurity, or related field; Master’s degree a plus.
  • One or more of the following required: CISA (Certified Information Systems Auditor); ISO/IEC 27001 Lead Implementer or Lead Auditor (or equivalent ISO credential); CPA (active).
  • Additional relevant certifications a plus: CISSP, CCSP, CRISC, CISM, ISO/IEC 42001-related training/credentials.

Nice To Haves

  • Experience coordinating with external auditors and working in regulated industries (SaaS, fintech, healthcare, critical infrastructure).
  • Working knowledge of cloud security (Azure, AWS, GCP) and enabling platforms (e.g., M365/Entra ID, ServiceNow GRC, Archer, OneTrust).

Responsibilities

  • Own a personal book-of-business growth target; lead opportunity pursuit from prospecting through close (RFPs, proposals, orals, scoping, pricing).
  • Build and manage an opportunity pipeline across SOC (1/2/3), readiness, ISO 27001 ISMS implementation/assessments, ISO 42001 (AI Management System) readiness/certification guidance, and security program advisory.
  • Develop go-to-market (GTM) offerings, thought leadership, and partner/alliances; collaborate with Marketing on campaigns and events.
  • Expand client relationships at the CISO, CIO, CTO, CAE, CFO levels; lead cross-sell with Assurance, Tax, and other Cyber/Technology teams.
  • Lead SOC (SSAE 18) readiness and examination projects (SOC 1 Type 1/2, SOC 2 Type 1/2, SOC 3), including scoping, testing strategy, and report quality.
  • Lead ISO/IEC 27001 implementations (ISMS design, risk assessment, controls, internal audits, certification readiness) and ISO/IEC 42001 readiness/implementation for AI governance.
  • Oversee delivery quality, risk, and timelines across multiple concurrent engagements; ensure methodology compliance and audit defensibility.
  • Manage, coach, and develop a team of managers/seniors/associates; lead staffing, utilization, and performance.
  • Champion a collaborative, inclusive, and learning-oriented culture; provide timely feedback and career guidance.
  • Strengthen delivery playbooks, templates, and accelerators; contribute to practice P&L hygiene (pricing discipline, margin, WIP/AR, scope management).

Benefits

  • As a 100% employee-owned firm, SC&H offers the unique benefit of real equity ownership for every colleague with at least 1 year of service.
  • Watch your stake grow as your tenure increases and the firm achieves success.
  • We also offer a comprehensive health plan with multiple options to suit your needs, at least 4 weeks of paid time off, 8 firm-paid holidays, 401k with employer match, and an annual firm trip for you and a guest to an all-inclusive tropical location.