Director of Cybersecurity and Compliance Consulting Services

Position type: Permanent
Compensation: Salary + Ownership

Summary of the Role

The Director of Cybersecurity and Compliance Consulting Services is responsible for working with databrackets' clients in several capacities, including

  • reviewing their compliance and cybersecurity posture;
  • drafting and delivering technical reports;
  • drafting security policies and procedures;
  • building maturity models and creating business proposals;
  • delivering a host of technical and business-centric documentation and work products.

As Director, you will also be responsible for managing projects, drafting work products, executing governance, risk, and compliance (GRC) engagements, and ensuring that databrackets' clients meet their compliance, privacy, and/or security requirements.

General Duties and Objectives

  • Perform analysis and trending (reports, dashboards, status updates, etc.) on internal or external progress or events affecting clients' information security.
  • Engage with clients to understand technical process steps, identify risks, and drive toward completed documentation that aligns with the various programs.
  • Manage client meetings, including ensuring that all data requests, timing and schedules, and points of contact are defined.
  • Prepare client deliverables utilizing excellent analytical, writing, and presentation skills.
  • Research regulations by reviewing regulatory bulletins and other sources of information.
  • Prepare management reports.
  • Consult with leadership to improve control efficiencies and operating effectiveness.
  • Partner with key client stakeholders to obtain and review compliance evidence supporting ISO, SOC 2, and other certification/attestation requirements.
  • Support the completion of clients' annual HIPAA, NYDFS, ISO, NIST, COSO, or other attestations.
  • Manage key compliance milestones for critical systems and complex processes.
  • Ensure that all IT policies and procedures are documented and updated according to regulatory standards: deadlines are met, approvals obtained, guidelines followed, repository usage understood, and the repository or system of record defined by the IT Governance program kept up to date.
  • Coordinate various GRC repository system improvement projects and activities to enhance the system of record and maintain effective process controls.
  • Develop and maintain risk registers and design self-assessments to help identify risks.
  • Serve as an escalation point to track and follow up on risk events.

About the ideal candidate

  • BS/MS degree in Computer Science, Information Technology, or a related field, and/or 5+ years of experience in Information Security or Assurance, Privacy, Forensics, or IT Audit.
  • 5+ years of IT audit experience.
  • CISA, CISM, CIPP, CIA, CISSP, SANS GIAC (e.g. GSNA, GCCC), and/or other cybersecurity-related certifications recommended.
  • Excellent written and verbal communication skills.
  • Knowledge of IT controls, risk assessments, and the design and testing of security measures.
  • Understanding of technical audit processes.
  • Understanding of cyber and information security and how to align client security initiatives with the client's business objectives.
  • Demonstrated success in a client-facing service role.
  • Familiarity with a variety of technologies, operating systems, databases, and reporting and data analytics tools.
  • Understanding of risk assessment methodologies such as FAIR, OCTAVE, OCTAVE Allegro, and/or other quantitative or qualitative methods.
  • Key security framework background: understand cybersecurity frameworks and implement or adapt them to an organization's security program so that it can become certified. Such frameworks include ISO 27001/27002; NIST frameworks including the CSF, SP 800-171, SP 800-53, and SP 800-37; and FedRAMP.
  • Key compliance background: understand how to review control design from policy to procedure to evidence. Have experience in making improvement recommendations and remediating control design.
  • Familiarity with data governance and privacy regulations such as GLBA and NYDFS.
  • Subject matter expertise related to:
      • SSAE 18 / SOC 1 / SOC 2
      • IT risk assessment / operational IT audit
      • IT general controls
      • COBIT framework

Application process

Create your candidate profile, upload your CV, and apply using the link below. Once we have received your application, our recruiters will get in touch with you to arrange a telephone interview.

Our mission is to assist organizations in developing and implementing practices to secure data and comply with regulations. With several years of experience in the IT and health care industries, databrackets is poised to meet the needs of your organization via:

  • Consulting Services
  • Online, Do-it-yourself Toolkits for Security Risk Assessment
  • Education (Training, Webinars, and Workshops)

For details on how databrackets can provide customized assistance for your organization, please contact us at