Security and Compliance Consultant jobs in United States

New Charter Technologies · 13 hours ago

Security and Compliance Consultant

Cyber74 is an advanced Managed Security Services Provider (MSSP) serving small and medium sized businesses across North America. The vCISO and Compliance Consultant will provide virtual Chief Information Security Officer services, guiding clients in developing and managing their information security programs while ensuring compliance with applicable standards and regulations.

Consulting · Information Technology · Professional Services

Responsibilities

Working under general supervision, the vCISO and Compliance Consultant will guide clients in the development and ongoing management of their information security programs while monitoring, managing, and closing compliance issues to ensure alignment with applicable standards and regulations
In carrying out these functions, the vCISO and Compliance Consultant will identify, evaluate, and interpret regulatory, statutory, and customer security requirements, control deficiencies, and information security risks, and translate them into prioritized program initiatives
Serve as a virtual CISO for assigned clients, providing leadership in the development of security strategy, governance structures, and multi-year security roadmaps aligned to business goals and risk appetite
Engage with clients and conduct cybersecurity readiness assessments, gap analyses, and maturity assessments using frameworks such as CMMC, NIST CSF, HIPAA, and related standards (including NIST 800-171 and NIST 800-53), and translate the results into program and project plans
Consult with executive and technical stakeholders to understand key business, regulatory, and security challenges, and provide pragmatic recommendations that balance risk reduction, cost, and operational impact
Develop, review, and refine client security policies, standards, and procedures, ensuring consistency with leading practices and alignment with contractual, regulatory, and customer requirements
Support clients in establishing and maintaining governance mechanisms such as security steering committees, risk registers, exception and waiver processes, and formal risk acceptance documentation
Prepare and deliver client-facing security reporting, including executive summaries, board-level updates, and status reports on remediation and compliance initiatives
Provide oversight for remediation activities arising from assessments, audits, and incidents by prioritizing efforts, tracking progress, and validating that controls are implemented and operating as intended
Maintain in-depth knowledge of security regulatory compliance requirements—with particular emphasis on CMMC, NIST CSF, and HIPAA—and translate those into practical control requirements and process improvements for clients
Articulate and defend IT and security controls, testing approaches, and remediation strategies to both technical and non-technical audiences, including regulators, auditors, and customers when required
Collaborate with Cyber74 and New Charter Technologies Operating Company stakeholders and personnel to share security knowledge, vulnerability and threat trends, program maturity observations, and analysis findings that can improve the broader security posture

Qualification

Information Security Leadership · Compliance Frameworks · Cybersecurity Assessments · Cloud Security Auditing · Security Technologies · Network Security Knowledge · Network Scanning Tools · Technical Security Audits · Governance Programs · Preferred Certifications · EQ · Client Relationship Skills · Desire to Learn · Servant-Hearted Approach · Organizational Skills · Collaborative Mindset · Detail-Oriented

Required

Experience in information security leadership and compliance-focused roles with 2–4+ years of experience performing security program management, technical security audits, and risk assessments
Experience implementing and assessing controls aligned to CMMC, NIST CSF, HIPAA, and related frameworks and standards (e.g., NIST 800-171, NIST 800-53, ISO 27001)
Experience performing cybersecurity readiness and maturity assessments, including those aligned with CMMC, NIST CSF, and HIPAA security/privacy requirements
Minimum 1+ years' experience with cloud-based concepts with an emphasis on developing and auditing AWS or Azure controls
Well-rounded expertise and exposure to various security technologies, including Anti-Virus, Endpoint Detection and Response (EDR), Data Loss Prevention, Intrusion Prevention, Application Whitelisting, etc
Experienced at assessing on-premises systems, enterprise SaaS, and cloud offerings, including various infrastructure platforms such as Active Directory, Windows, Linux, etc
Strong working knowledge of network firewalls, switches, routers, and endpoints
Experience working with network scanning tools such as Tenable Nessus, Qualys, or RapidFire Tools
Technical knowledge of network design, cloud platform architecture, and experience with information security governance programs and control framework concepts, particularly the NIST cybersecurity framework
Strong EQ with the ability to develop rapport and provide technical security and risk-related to technical and non-technical audiences
Must be able to influence without authority, innovate to tackle tough problems, and communicate clearly to all levels of the organization
Ability to thrive in a supportive, results-oriented community and a commitment to the relentless pursuit of continuous growth
Ability to coordinate multiple tasks and competing demands while working with clients, management, and project resources

Preferred

Certified Information Systems Auditor (CISA)
Certified in Risk and Information Systems Control (CRISC)
GIAC Security Essentials (GSEC)
Certified Information Security Manager (CISM)
Certified Information Systems Security Professional (CISSP)
CMMC Certified Professional (CCP)
CMMC Assessor (CCA)
Certified Ethical Hacker (CEH)
A+
Network+
Security+
Highly organized and process driven, with the ability to bring structure to client security programs
Affinity for technology and an interest in staying current with evolving threats, tools, and best practices
Strong integrity with the ability to work in a highly confidential and trustworthy manner
Collaborative and flexible with a consultative mindset, comfortable working across multiple Operating Companies and stakeholder groups
Precise and detailed, delivering consistently high-quality written and verbal deliverables
Comfortable balancing tactical tasks and strategic planning, and knowing when to focus on each for maximum client value
Strong desire to learn, grow, and follow direction while also taking initiative to move work forward
Skilled in interfacing directly with clients and cultivating a long-term trusted advisor relationship with them
Servant-hearted with a focus on improving the lives and security posture of our customers in every action and interaction

Company

New Charter Technologies

New Charter Technologies operates as a Managed Service Provider (MSP).

Funding

Current Stage
Late Stage

Leadership Team

Bryan Bodhaine
CFO
Peter Melby
Chief Revenue Officer
Company data provided by crunchbase