CFGI Logo

CFGI

GRC and AI Governance - Senior Manager

Reposted 23 Days Ago
Remote or Hybrid
Hiring Remotely in United States
Senior level
Remote or Hybrid
Hiring Remotely in United States
Senior level
The role involves leading GRC and AI governance engagements, advising clients on risk management and compliance, and developing governance frameworks. Responsibilities include managing client engagements, enhancing privacy programs, and collaborating with stakeholders to drive compliance and security initiatives.
The summary above was generated by AI

CFGI is seeking a Cybersecurity GRC & AI Governance Subject Matter Expert to lead and deliver strategic advisory engagements that strengthen clients’ security governance, risk management, compliance posture, AI governance programs, and privacy programs. This role blends hands-on delivery, executive communication, and practice leadership. You will work directly with CISOs, CIOs, CFOs, General Counsel/Privacy Counsel, Risk Leaders, and PE deal teams to design pragmatic programs, build operating models, and drive measurable outcomes.

 

The ideal candidate brings deep expertise in GRC frameworks, regulatory compliance, privacy, and AI governance and compliance (e.g., NIST AI RMF, EU AI Act), strong consulting instincts, and a proven ability to lead teams and manage multiple client workstreams.

 

Key Responsibilities:

 

Client Advisory & Delivery:

 

  • Lead end-to-end GRC and privacy engagements, including scoping, planning, execution, and executive reporting.
  • Design and operationalize cybersecurity governance models (policies, standards, risk appetite, committees, reporting KPIs/KRIs).
  • Build and mature enterprise risk programs: risk assessments, risk registers, control libraries, and control testing approaches.
  • Lead AI governance and compliance engagements — design and operationalize AI governance frameworks, conduct AI risk and impact assessments, build model inventories, establish AI use-case classification and tiering, advise on responsible AI principles, and guide clients through compliance with the EU AI Act, NIST AI RMF, and ISO 42001.
  • Develop and implement security policies, standards, and procedures aligned to common frameworks (e.g., NIST CSF, ISO 27001/27002, CIS, SOC 2, CMMC, FedRAMP, NIST AI RMF, ISO 42001).
  • Support regulatory readiness and compliance initiatives (e.g., SEC cyber disclosure support, NYDFS 500, GDPR/UK GDPR, CCPA/CPRA, HIPAA, PCI DSS, SOX ITGC, EU AI Act, CMMC, FedRAMP alignment where applicable).
  • Stand up or enhance privacy programs: data mapping/inventories, DPIAs/PIAs, DSAR processes, retention, consent management, third-party privacy risk, and privacy by design.
  • Support CMMC readiness activities where applicable, including gap analyses and compliance alignment to NIST SP 800-171 (experience a plus, not required).
  • Perform vendor/third-party risk assessments and implement scalable TPRM operating models.
  • Coordinate cross-functional stakeholders (Legal, IT, Security, Compliance, Product, HR) to drive outcomes and adoption.

 

Executive Communication & Stakeholder Management:

 

  • Translate complex technical, regulatory, privacy, and AI governance requirements into business-oriented recommendations.
  • Help clients communicate AI risk posture and governance maturity to boards, regulators, and executive leadership, including EU AI Act compliance status and NIST AI RMF alignment.
  • Deliver executive-ready artifacts: board/audit committee materials, roadmaps, operating models, heatmaps, and risk dashboards.
  • Serve as a trusted advisor to senior leadership; confidently present findings and influence decisions.

 

Practice Development & Leadership:

 

  •  Support business development through proposal writing, SOW development, client presentations, and solution shaping.
  • Contribute to go-to-market development: offerings, templates, accelerators, methodologies, and points of view.
  • Mentor and develop consultants and managers; lead teams across multiple engagements while maintaining quality and delivery rigor.
  • Partner with other CFGI service lines (Accounting Advisory, CFO Advisory, Technology Enablement) to deliver integrated solutions.

 

Required Qualifications:

 

  • Eight plus years of relevant experience in cybersecurity GRC, privacy, governance, risk management, compliance, or consulting (level will map to experience).
  • Bachelor’s degree in a related field is required.
  • Demonstrated expertise implementing and operationalizing cybersecurity frameworks and control programs: NIST CSF / NIST 800-53, ISO 27001/27002, SOC 2, CIS, NIST AI RMF, ISO 42001; familiarity with CMMC and FedRAMP a plus.
  • Strong privacy fundamentals and experience with privacy program build-out and operations: GDPR/UK GDPR, CCPA/CPRA; experience with HIPAA/GLBA or other sectoral privacy standards is a plus.
  • Demonstrated expertise in AI governance and compliance frameworks (NIST AI RMF, EU AI Act, ISO 42001), including AI risk classification, algorithmic impact assessments, responsible AI principles, and practical application within enterprise or client-facing advisory engagements.
  • Exposure to CMMC or FedRAMP readiness activities is a plus but not required.
  • Experience performing or leading: enterprise/security risk assessments, control design/testing, policy and standards development, TPRM programs, compliance/regulatory readiness programs, AI governance program design and implementation.
  • Exceptional written and verbal communication skills with a track record of producing executive-level deliverables.
  • Proven ability to lead teams, manage timelines/budgets, and deliver in a client-facing environment.

 

Preferred Qualifications (Nice-to-Have):

 

  • Certifications: CISM, CISSP, CRISC, CISA, ISO 27001 Lead Implementer/Lead Auditor, CIPM/CIPP (E/US), CDPSE, AI/ML-related certifications (e.g., CAIAP, ISO 42001 Lead Implementer); CMMC RP or CCA a plus.
  • PE/portfolio company experience: rapid maturity uplift, integration, carve-out/stand-up, and pragmatic road mapping.
  • Exposure to incident readiness, tabletop exercises, and crisis communications coordination with Legal/Comms.
  • Experience supporting audits and assurance activities (SOC 2 readiness, ISO certification readiness, CMMC certification readiness, internal audit coordination).
  • Experience advising on AI governance strategy, responsible AI programs, or AI risk management within regulated industries (financial services, healthcare, energy, defense); familiarity with AI lifecycle management, model validation, and AI supply chain risk.

 

Why CFGI:

 

  • High-impact work with sophisticated clients and private equity portfolio companies.
  • Opportunity to shape and scale a fast-growing Cybersecurity practice.
  • Collaborative culture with autonomy, flexibility, and strong leadership support.
  • Competitive compensation, benefits, and career growth trajectory.

CFGI Los Angeles, California, USA Office

Los Angeles, United States

Similar Jobs

An Hour Ago
Easy Apply
Remote or Hybrid
United States
Easy Apply
175K-210K Annually
Senior level
175K-210K Annually
Senior level
Legal Tech • Software • Generative AI
Own positioning, messaging, and launch strategy for EveOS. Translate complex AI capabilities into buyer-relevant narratives for firm owners, managing attorneys, and operations leads. Feed customer and competitive insights into product and packaging decisions. Create core GTM assets (pitch, product story, demo narrative, website messaging), support analyst relations, and partner with Sales Enablement, PMMs, and Demand Gen to ensure consistent messaging across launches and collateral.
An Hour Ago
Easy Apply
Remote or Hybrid
United States
Easy Apply
175K-210K Annually
Senior level
175K-210K Annually
Senior level
Legal Tech • Software • Generative AI
Lead GTM programs and sales enablement to drive pipeline and revenue. Build messaging, segmentation, pricing alignment, sales tools, partner materials, and enablement metrics while partnering cross-functionally with product, sales, and partnerships.
An Hour Ago
Easy Apply
Remote or Hybrid
United States
Easy Apply
71K-96K Annually
Mid level
71K-96K Annually
Mid level
Artificial Intelligence • Cloud • Computer Vision • Hardware • Internet of Things • Software
Provide Tier 2 hardware and software support for Samsara's IoT products, troubleshoot medium-to-high complexity issues, manage tickets, author knowledge base articles, partner with Engineering and Product teams, and meet SLA goals while supporting customers across hardware, mobile apps, APIs, and cloud services.
Top Skills: APIsCloudIotMobile ApplicationsSaaSSalesforceZendesk

What you need to know about the Los Angeles Tech Scene

Los Angeles is a global leader in entertainment, so it’s no surprise that many of the biggest players in streaming, digital media and game development call the city home. But the city boasts plenty of non-entertainment innovation as well, with tech companies spanning verticals like AI, fintech, e-commerce and biotech. With major universities like Caltech, UCLA, USC and the nearby UC Irvine, the city has a steady supply of top-flight tech and engineering talent — not counting the graduates flocking to Los Angeles from across the world to enjoy its beaches, culture and year-round temperate climate.

Key Facts About Los Angeles Tech

  • Number of Tech Workers: 375,800; 5.5% of overall workforce (2024 CompTIA survey)
  • Major Tech Employers: Snap, Netflix, SpaceX, Disney, Google
  • Key Industries: Artificial intelligence, adtech, media, software, game development
  • Funding Landscape: $11.6 billion in venture capital funding in 2024 (Pitchbook)
  • Notable Investors: Strong Ventures, Fifth Wall, Upfront Ventures, Mucker Capital, Kittyhawk Ventures
  • Research Centers and Universities: California Institute of Technology, UCLA, University of Southern California, UC Irvine, Pepperdine, California Institute for Immunology and Immunotherapy, Center for Quantum Science and Engineering

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account