Senior Compliance / GRC Manager

About Agency Cybersecurity:

Agency Cybersecurity is fast growing ventured back startup that provides best-in-class cybersecurity and compliance. Our software and services simplify complex compliance frameworks including SOC2, ISO 27001, HIPAA, and others, empowering businesses to scale securely and confidently. We're backed by top tier investors like Y Combinator and have offices in NYC, Boston, Richmond, and London.

Location: 100% On-Site in Richmond VA

Position Type: Full-Time, Salaried

Experience Level: Senior Manager Level

Compensation: $115,000 to $145,000 total comp, including annual bonus and benefits.

Job Summary:

Agency Cybersecurity is seeking a Senior Compliance / GRC Manager to join our fast-growing team. This senior-level role is ideal for an experienced compliance professional who has led cybersecurity and compliance engagements from start to finish in a consulting environment. You will be responsible for managing multiple client relationships, leading audits end-to-end, and delivering exceptional cybersecurity compliance services.

Key Responsibilities:

• Serve as the primary point of contact for multiple cybersecurity and compliance client engagements.
• Lead and manage SOC 2, ISO 27001, HIPAA, and other compliance framework audits from initiation through completion.
• Own the delivery of multiple simultaneous client projects, ensuring timely and high-quality results.
• Conduct gap assessments, risk analyses, and compliance readiness reviews for clients
• Develop and implement comprehensive compliance strategies and remediation plans
• Coordinate with external auditors and manage all aspects of the audit process
• Build and maintain strong client relationships, serving as a trusted advisor on compliance matters
• Guide clients through complex compliance requirements and regulatory standards
• Create detailed compliance documentation, policies, procedures, and control frameworks
• Manage a team of 10 junior members
• Stay current on evolving compliance frameworks, regulations, and industry standards

Required Qualifications:

• Minimum 4+ years of consulting experience at a cybersecurity and compliance consulting firm
• Proven track record as primary point of contact on multiple client engagements
• Demonstrated experience owning delivery for multiple clients simultaneously
• Extensive experience leading compliance audits end-to-end (SOC 2, ISO 27001, HIPAA, etc.)
• Deep domain expertise with 40+ SOC 2 engagements completed
• Strong understanding of compliance frameworks, including SOC 2, ISO 27001, HIPAA, NIST, and related standards
• Excellent project management skills with the ability to manage multiple concurrent engagements
• Outstanding client-facing communication and relationship management skills
• Strong analytical and problem-solving abilities
• Experience developing compliance documentation, policies, and procedures
• Bachelor's degree in Information Security, Computer Science, Business, or related field (or equivalent experience)

Preferred Qualifications:

• Professional certifications such as CISSP, CISA, CISM, or similar
• Experience with GRC platforms and compliance automation tools (Vanta, Drata, etc)
• Background working with startup or high-growth technology companies
• Experience with additional frameworks such as FedRAMP, PCI-DSS, or GDPR
• Previous experience at a Big Four firm or top-tier cybersecurity consultancy
• Strong technical background in information security and cloud infrastructure

What We Offer:

• Competitive compensation: $115,000 to $145,000 total comp, including annual bonus and benefits
• Opportunity to work with diverse clients across industries
• Collaborative team environment with a fast-paced startup team
• Exposure to cutting-edge compliance technology and methodologies
• Career growth opportunities in a fast-growing
• Work with top-tier clients backed by leading investors