What are the responsibilities and job description for the Senior Consultant, Virtual Compliance Management position at Concerto Compliance?
Senior Consultant, Compliance Program Manager
Location: Remote (Within Georgia)
Employment Type: Full-Time
About Concerto Compliance
Concerto Compliance is a boutique cybersecurity consulting firm specializing in Virtual Compliance Management (VCM) for growing SaaS and cloud-based companies. We help organizations achieve and maintain SOC 2, ISO, PCI DSS, HIPAA and regulatory compliance while embedding security as a strategic advantage.
As companies scale, they often struggle to balance security and compliance with business objectives. That’s where we come in, offering strategic guidance, operational support, and hands-on implementation to help organizations meet their security and regulatory requirements effectively.
About the Role
We are seeking a Senior Consultant to lead Virtual Compliance Management (VCM) engagements, serving as the primary compliance advisor for multiple client organizations. In this role, you’ll take ownership of end-to-end compliance program management, from building strategic roadmaps to presenting at board meetings to coordinating external audits.
This is a client-facing role where you’ll act as a trusted extension of our clients’ leadership teams, guiding them through complex multi-framework compliance requirements across SOC 2, ISO 27001, PCI DSS, and HIPAA. You’ll lead quarterly steering committee meetings, manage relationships with third-party assessors, and help clients mature their security programs as they scale.
If you’re an experienced compliance professional who thrives on building relationships with executive stakeholders, managing multiple engagements, and turning compliance into a competitive advantage for growing companies, this role is for you.
Responsibilities
Strategic Program Leadership
• Serve as the primary compliance advisor for multiple VCM client engagements simultaneously.
• Develop, organize, and lead quarterly Information Security Steering Committee meetings.
• Deliver regular reporting to client leadership teams, including C-Suite and Board presentations.
• Build and maintain IS Program Strategic Roadmaps aligned with client business objectives.
• Track program KPIs and ensure completion of recurring compliance activities.
Information Risk Management
• Lead annual Information Risk Assessments, including risk register updates and remediation tracking.
• Conduct Business Impact Analyses (BIA) and document findings.
• Perform Vendor Risk Assessments and manage third-party security evaluations.
• Guide clients through risk remediation and track completion to closure.
Policy Development & Lifecycle Management
• Develop, review, and update comprehensive information security policies including Information Security, Acceptable Use, Data Classification, Vendor Management, Business Continuity, and Incident Response policies.
• Ensure policies address framework-specific requirements (PHI for HIPAA, CHD for PCI DSS, etc.).
• Create new policies as client compliance requirements evolve.
Audit & Assessment Management
• Manage relationships with third-party assessor firms and QSAs.
• Coordinate external audits (SOC 2, ISO 27001, PCI DSS).
• Perform internal audits required to meet compliance and regulatory requirements.
• Manage updates to required frameworks and conduct gap remediation for emerging requirements.
Third-Party Vendor Coordination
• Coordinate relationships with security vendors including penetration testing providers, vulnerability scanning services, and outsourced development teams.
• Support completion of RFPs and security questionnaires for clients.
Training & Awareness Oversight
• Oversee implementation of security awareness training programs for client organizations.
• Manage phishing simulation campaigns and subsequent training initiatives.
• Coordinate PHI and PCI-focused training for regulated environments.
Required
• Bachelor’s degree in Cybersecurity, Information Security, IT, or a related field (or equivalent experience).
• 3 years of experience in information security, GRC, or compliance management.
• 2 years of experience in a consulting, advisory, or client-facing compliance role.
• Demonstrated experience managing SOC 2, ISO 27001, PCI DSS, or HIPAA compliance programs.
• Experience leading risk assessments, business impact analyses, and vendor security reviews.
• Track record of managing multiple client engagements simultaneously.
• Strong executive communication skills with experience presenting to C-Suite and Board-level stakeholders.
• Familiarity with GRC platforms (Vanta, Drata, Airtable, or similar).
• Knowledge of cloud security considerations for AWS, Azure, or GCP environments.
Preferred
• 5 years of experience in information security or compliance.
• Industry certifications such as CISM, CISSP, CISA, or ISO 27001 Lead Auditor.
• Experience with CMMC.
• Experience in healthcare technology, fintech, or B2B SaaS environments.
Why Join Concerto Compliance?
High-Impact Work
Lead VCM engagements with innovative SaaS and cloud-based companies, working directly with founders, CISOs, and executive teams as a trusted advisor.
Make Compliance Cool
Help growing companies turn compliance from a checkbox exercise into a genuine strategic advantage, while making it an engaging and dare I say "fun" experience.
No Two Days the Same (Tired of the audit grind?)
Thrive in a dynamic environment where you’ll tackle different challenges across multiple clients, industries, frameworks, and nationalities.
Culture That Doesn’t Take Itself Too Seriously
We work hard and deliver exceptional results, but we also believe compliance doesn’t have to be boring. Expect a team that celebrates wins, shares memes in Slack, and actually enjoys what we do.
Flexibility First
Fully remote with a team that trusts you to manage your time and deliver results, not just log hours. We deliver exceptional results while protecting what matters most to you. Expect real flexibility, respect for family commitments, and trust in how you manage your time.
Collaborative, Not Competitive
Collaboration beats competition here. We share knowledge, celebrate wins, laugh often, and genuinely enjoy working together (yes, Slack memes included).
Benefits
401(k) with Company Match
We invest in your future, not just our clients'.
Fully Covered Healthcare
No payroll deductions. Seriously. We've got you covered.
Flexible Time Off
Take the time you need to recharge.
If you’re passionate about leading compliance programs and helping businesses scale securely, we’d love to hear from you! Learn more at www.concertocompliance.com.