Senior Advisor, Security Risk & Compliance

PUBLICIS GROUPE, Irving, TX

About The Position

You will directly contribute to the maturity of Epsilon's security posture through your involvement in our emerging Risk and Compliance department, delivering strategic initiatives that translate technology risk into business impacts. Your work will drive the adoption of security risk management across Epsilon. You will be a core member of the Risk and Compliance team and contribute to the development, implementation, and maintenance of processes and solutions to define, describe, and manage cybersecurity risk at Epsilon. This role requires collaborating with teams across Epsilon to drive the adoption and ongoing execution of risk assessment, security exception management, and audit compliance concepts and programs.

Requirements

  • Bachelor's degree in Cybersecurity, Information Systems, Computer Science, or related field or equivalent experience.
  • Direct experience interacting with enterprise technology environments
  • Direct experience building relationships with technology teams
  • Direct experience creating technical documentation and reports
  • Direct experience performing technology risk assessments
  • Direct experience managing risk registers
  • Direct experience evaluating security exceptions
  • Direct experience working with IT control and risk management frameworks (NIST CSF, NIST 800-53, ISO 27001/27002, ISO 31000, COBIT, COSO, etc.)
  • Direct experience working with relevant legal, regulatory, and industry compliance frameworks (PCI-DSS, SOC, HIPAA, etc.)
  • Familiar with general information security concepts including, but not limited to, segregation, separation of duties, least privilege, restricted access, restricted disclosure, and incident response
  • Familiar with specific security technology concepts including, but not limited to, the following areas: segmentation, segregation, asset/endpoint, infrastructure, application development, cryptography, cloud, network, web application, and zero trust
  • Familiar with privacy legislation (GDPR, CCPA, CPRA, PDPL, etc.)
  • Direct Experience = hands-on experience in a professional setting.
  • Working Knowledge = domain-specific knowledge acquired through hands-on experience in professional or home/lab settings.
  • Familiarity = domain-specific knowledge acquired through training, coursework, or other methods without hands-on experience.

Nice To Haves

  • You bring real-world cloud and security experience backed by strong analytical thinking and industry-recognized certifications such as CRISC, CCSP, CISM, CISA, or CISSP.
  • You lead with grit - driven to learn fast, adapt quickly, and push past roadblocks with curiosity and determination.
  • You thrive in collaboration, building trust and alignment across technical and business teams.
  • You're comfortable in the gray, making smart, balanced decisions even when not all data is available.
  • You communicate with clarity and impact, translating deep technical insight into confident, actionable direction.

Responsibilities

  • Manage a comprehensive cybersecurity risk and compliance program aligned to industry standard control frameworks.
  • Partner with security teams to review and assess exceptions to security policies and standards across key technology domains including, but not limited to, network security posture, cloud security posture, application security, data security, identity & access management, and endpoint security.
  • Perform and oversee risk assessments, control evaluations, and compliance reviews to establish baselines, identify and measure gaps in implementation, and manage remediation activities.
  • Manage and maintain the enterprise cybersecurity risk register, ensuring that risk items are tracked, prioritized, and reported to senior management and governance committees.
  • Translate technical vulnerabilities and risks into business impact for team members, enabling informed decision-making.
  • Support internal and external audits, validating findings, ensuring effective remediation, and driving continuous improvement of controls.
  • Coordinate and refine the security exception management process.
  • Monitor and interpret emerging threats, technologies, and regulations; advise leadership on adjustments to risk strategy and controls.
  • Deliver training and awareness as needed to enhance organizational understanding of cybersecurity risk management.

Benefits

  • Time to Recharge: Flexible time off (FTO), 15 paid holidays
  • Time to Recover: Paid sick time
  • Family Well-Being: Parental/new child leave, childcare & elder care assistance, adoption assistance
  • Extra Perks: Comprehensive health coverage, 401(k), tuition assistance, commuter benefits, professional development, employee recognition, charitable donation matching, health coaching and counseling

What This Job Offers

  • Job Type: Full-time
  • Career Level: Mid Level
  • Industry: Professional, Scientific, and Technical Services
  • Number of Employees: 5,001-10,000 employees
