Senior Compliance / GRC Manager

About Agency Cybersecurity:

Agency Cybersecurity is fast growing ventured back startup that provides best-in-class cybersecurity and compliance. Our software and services simplify complex compliance frameworks including SOC2, ISO 27001, HIPAA, and others, empowering businesses to scale securely and confidently. We're backed by top tier investors like Y Combinator and have offices in NYC, Boston, Richmond, and London.

Location: 100% On-Site in New York, NY

Position Type: Full-Time Salaried

Experience Level: Senior Manager Level

Compensation: $135,000 to $175,000 total comp, including annual bonus and benefits.

Job Summary:

Agency Cybersecurity is seeking a Senior Compliance / GRC Manager to join our fast-growing team. This senior-level role is ideal for an experienced compliance professional who has led cybersecurity and compliance engagements from start to finish in a consulting environment. You will be responsible for managing multiple client relationships, leading audits end-to-end, and delivering exceptional cybersecurity compliance services.

Key Responsibilities:

Serve as the primary point of contact for multiple cybersecurity and compliance client engagements.Lead and manage SOC 2, ISO 27001, HIPAA, and other compliance framework audits from initiation through completion.Own the delivery of multiple simultaneous client projects, ensuring timely and high-quality results.Conduct gap assessments, risk analyses, and compliance readiness reviews for clientsDevelop and implement comprehensive compliance strategies and remediation plansCoordinate with external auditors and manage all aspects of the audit processBuild and maintain strong client relationships, serving as a trusted advisor on compliance mattersGuide clients through complex compliance requirements and regulatory standardsCreate detailed compliance documentation, policies, procedures, and control frameworksManage a team of 10 junior membersStay current on evolving compliance frameworks, regulations, and industry standards

Required Qualifications:

Minimum 4 years of consulting experience at a cybersecurity and compliance consulting firmProven track record as primary point of contact on multiple client engagementsDemonstrated experience owning delivery for multiple clients simultaneouslyExtensive experience leading compliance audits end-to-end (SOC 2, ISO 27001, HIPAA, etc.)Deep domain expertise with 40 SOC 2 engagements completedStrong understanding of compliance frameworks, including SOC 2, ISO 27001, HIPAA, NIST, and related standardsExcellent project management skills withthe ability to manage multiple concurrent engagementsOutstanding client-facing communication and relationship management skillsStrong analytical and problem-solving abilitiesExperience developing compliance documentation, policies, and proceduresBachelor's degree in Information Security, Computer Science, Business, or related field (or equivalent experience)

Preferred Qualifications:

Professional certifications such as CISSP, CISA, CISM, or similarExperience with GRC platforms and compliance automation tools (Vanta, Drata, etc)Background working with startup or high-growth technology companiesExperience with additional frameworks such as FedRAMP, PCI-DSS, or GDPRPrevious experience at a Big Four firm or top-tier cybersecurity consultancyStrong technical background in information security and cloud infrastructure

What We Offer:

Competitive compensation: $135,000 to $175,000 total comp, including annual bonus and benefitsOpportunity to work with diverse clients across industriesCollaborative team environment with a fast-paced startup teamExposure to cutting-edge compliance technology and methodologiesCareer growth opportunities in a fast-growingWork with top-tier clients backed by leading investors