Vice President, Compliance & GRC

About Agency Cybersecurity:

Agency Cybersecurity is a fast-growing ventured back startup that provides best-in-class cybersecurity and compliance. Our software and services simplify complex compliance frameworks including SOC2, ISO 27001, HIPAA, and others, empowering businesses to scale securely and confidently. We're backed by top-tier investors like Y Combinator and have offices in NYC, Boston, Richmond, and London.

Location: 100% On-Site in New York, NY

Position Type: Full-Time, Salaried

Experience Level: Vice President Level

Compensation: $175,000 to $225,000 total comp, including annual bonus and benefits.

Agency Cybersecurity is seeking a Vice President of Compliance & GRC to lead and scale our cybersecurity compliance practice. This is a senior executive role with full P&L responsibility, accountable for practice delivery, team leadership, client outcomes, and revenue growth.

This role is ideal for a seasoned compliance leader who has built and run large portfolios of SOC 2 and related compliance engagements in a consulting environment and is ready to own an entire practice end-to-end.

Given the client delivery and practice ownership responsibilities, this role requires prior leadership experience in a cybersecurity or compliance consulting firm.

Role Overview:

As VP of Compliance & GRC, you will own the Compliance & Assurance practice at Agency Cybersecurity. You will be responsible for setting strategy, managing delivery quality, leading and scaling a team, overseeing client relationships, and driving both retention and growth across the portfolio.

You will act as the senior escalation point for complex engagements, guide key clients as a trusted executive advisor, and partner closely with leadership on pricing, packaging, hiring, and go-to-market strategy.

Key Responsibilities:

Practice Ownership & P&L

Own full P&L responsibility for the Compliance & GRC practice, including revenue, margins, utilization, and cost managementSet practice strategy, service offerings, pricing models, and delivery standardsForecast revenue, manage capacity planning, and drive sustainable growthPartner with leadership on annual planning, targets, and practice expansion

Client Delivery & Advisory

Serve as executive sponsor and senior escalation point for key client engagementsOversee delivery of SOC 2, ISO 27001, HIPAA, and other compliance frameworks across a large client portfolioEnsure consistent, high-quality delivery across all engagements, from readiness through audit completionGuide clients through complex compliance, risk, and regulatory challengesMaintain strong executive-level client relationships and drive renewals and expansions

Team Leadership & Scaling

Build, manage, and scale a team of managers, senior consultants, and junior staffDirectly manage practice leaders and senior managers; indirectly oversee a larger delivery teamSet performance standards, career paths, and development plansLead hiring, onboarding, and training strategy for the practiceFoster a high-accountability, high-performance consulting culture

Growth & Go-To-Market

Drive practice growth through upsells, cross-sells, renewals, and new client acquisitionSupport sales and business development through scoping, proposals, and executive-level client conversationsHelp shape marketing narratives, thought leadership, and service positioningIdentify new frameworks, offerings, and market opportunities to expand the practice

Required Qualifications:

7 years of experience in cybersecurity and compliance consultingDemonstrated experience owning and leading large portfolios of SOC 2 engagementsDeep domain expertise with 40 SOC 2 engagements completed as primary point of contactProven experience leading SOC 2, ISO 27001, HIPAA, and related audits end-to-endPrior experience managing teams of 10 consultants, including managers and senior staffStrong understanding of SOC 2, ISO 27001, HIPAA, NIST, and related frameworksTrack record of balancing delivery excellence with commercial outcomesExceptional executive-level communication and client relationship skillsStrong financial, operational, and strategic judgmentBachelor’s degree in Information Security, Computer Science, Business, or equivalent experience

Preferred Qualifications:

Professional certifications (CISSP, CISA, CISM, CRISC, or similar)Experience with compliance automation and GRC platforms (Vanta, Drata, etc.)Background working with high-growth technology companies and startupsExperience with additional frameworks such as FedRAMP, PCI-DSS, or GDPRPrevious experience at a Big Four firm or top-tier cybersecurity consultancyStrong technical foundation in cloud infrastructure and security architecture

What We Offer:

Executive-level compensation: target $175,000–$225,000 total compensation, including performance-based bonus tied to practice P&LSignificant leadership autonomy and ownership of a core revenue practiceOpportunity to build, scale, and shape a flagship compliance businessWork with top-tier, venture-backed and growth-stage clientsCollaborative executive team and fast-growing platformLong-term career growth with potential for expanded leadership scope