Lead GRC and data privacy engagements, design cybersecurity governance models, support regulatory compliance, and mentor consultants. Engage with C-level executives to enhance risk programs and implement privacy initiatives.
CFGI is seeking a Cybersecurity GRC & Data Privacy Subject Matter Expert to lead and deliver strategic advisory engagements that strengthen clients’ security governance, risk management, compliance posture, and privacy programs. This role blends hands-on delivery, executive communication, and practice leadership. You will work directly with CISOs, CIOs, CFOs, General Counsel/Privacy Counsel, Risk Leaders, and PE deal teams to design pragmatic programs, build operating models, and drive measurable outcomes.
The ideal candidate brings deep expertise in GRC frameworks, regulatory compliance, and privacy, strong consulting instincts, and a proven ability to lead teams and manage multiple client workstreams.
Key Responsibilities:
Client Advisory & Delivery:
· Lead end-to-end GRC and privacy engagements, including scoping, planning, execution, and executive reporting.
· Design and operationalize cybersecurity governance models (policies, standards, risk appetite, committees, reporting KPIs/KRIs).
· Build and mature enterprise risk programs: risk assessments, risk registers, control libraries, and control testing approaches.
· Develop and implement security policies, standards, and procedures aligned to common frameworks (e.g., NIST CSF, ISO 27001/27002, CIS, SOC 2).
· Support regulatory readiness and compliance initiatives (e.g., SEC cyber disclosure support, NYDFS 500, GDPR/UK GDPR, CCPA/CPRA, HIPAA, PCI DSS, SOX ITGC alignment where applicable).
· Stand up or enhance privacy programs: data mapping/inventories, DPIAs/PIAs, DSAR processes, retention, consent management, third-party privacy risk, and privacy by design.
· Perform vendor/third-party risk assessments and implement scalable TPRM operating models.
· Coordinate cross-functional stakeholders (Legal, IT, Security, Compliance, Product, HR) to drive outcomes and adoption.
Executive Communication & Stakeholder Management:
· Translate complex technical, regulatory, and privacy requirements into business-oriented recommendations.
· Deliver executive-ready artifacts: board/audit committee materials, roadmaps, operating models, heatmaps, and risk dashboards.
· Serve as a trusted advisor to senior leadership; confidently present findings and influence decisions.
Practice Development & Leadership:
· Contribute to go-to-market development: offerings, templates, accelerators, methodologies, and points of view.
· Support business development through proposal writing, SOW development, client presentations, and solution shaping.
· Mentor and develop consultants and managers; lead teams across multiple engagements while maintaining quality and delivery rigor.
· Partner with other CFGI service lines (Accounting Advisory, CFO Advisory, Technology Enablement) to deliver integrated solutions.
Required Qualifications:
· Five plus years of relevant experience in cybersecurity GRC, privacy, risk management, compliance, or consulting (level will map to experience).
· A Bachelor’s degree in a relevant field.
· Demonstrated expertise implementing and operationalizing cybersecurity frameworks and control programs: NIST CSF / NIST 800-53 (nice-to-have), ISO 27001/27002, SOC 2, CIS Controls.
· Strong privacy fundamentals and experience with privacy program build-out and operations: GDPR/UK GDPR, CCPA/CPRA; experience with HIPAA/GLBA or other sectoral privacy standards is a plus.
· Experience performing or leading: enterprise/security risk assessments. control design/testing, policy and standards development, TPRM programs, compliance/regulatory readiness programs,
· Exceptional written and verbal communication skills with a track record of producing executive-level deliverables.
· Proven ability to lead teams, manage timelines/budgets, and deliver in a client-facing environment.
Preferred Qualifications (Nice-to-Have):
· Certifications: CISM, CISSP, CRISC, CISA, ISO 27001 Lead Implementer/Lead Auditor, CIPM/CIPP (E/US), CDPSE.
· PE/portfolio company experience: rapid maturity uplift, integration, carve-out/stand-up, and pragmatic road mapping.
· Exposure to incident readiness, tabletop exercises, and crisis communications coordination with Legal/Comms.
· Experience supporting audits and assurance activities (SOC 2 readiness, ISO certification readiness, internal audit coordination).
Why CFGI:
· High-impact work with sophisticated clients and private equity portfolio companies.
· Opportunity to shape and scale a fast-growing Cybersecurity practice.
· Collaborative culture with autonomy, flexibility, and strong leadership support.
· Competitive compensation, benefits, and career growth trajectory.
Top Skills
Ccpa
Cis
Gdpr
Grc Frameworks
Iso 27001
Iso 27002
Nist Csf
Regulatory Compliance
Soc 2
Similar Jobs
Consulting • Financial Services
Lead GRC and data privacy engagements, design security governance models, support regulatory compliance, and manage client communications. Mentor teams and contribute to practice development.
Top Skills:
CcpaCis ControlsGdprHipaaIso 27001/27002Nist CsfPci DssSoc 2
Cloud • Fintech • Software • Business Intelligence • Consulting • Financial Services
Lead CFO-level advisory engagements for physician practices by modernizing finance operations, overseeing client teams, analyzing KPIs, building budgets/forecasts, driving process and technology improvements, collaborating cross-functionally, and mentoring staff.
Top Skills:
Intacct,Quickbooks Online,Netsuite,Bill.Com
Artificial Intelligence • Cloud • HR Tech • Information Technology • Productivity • Software • Automation
Lead and manage software development teams, coordinate with product, design, and support, oversee daily development activities, mentor staff, integrate AI into workflows, enforce coding standards and best practices, and deliver high-quality solutions aligned with company priorities.
Top Skills:
Java,C++,Ruby,Shell,Javascript,Servicenow,Ai
What you need to know about the Los Angeles Tech Scene
Los Angeles is a global leader in entertainment, so it’s no surprise that many of the biggest players in streaming, digital media and game development call the city home. But the city boasts plenty of non-entertainment innovation as well, with tech companies spanning verticals like AI, fintech, e-commerce and biotech. With major universities like Caltech, UCLA, USC and the nearby UC Irvine, the city has a steady supply of top-flight tech and engineering talent — not counting the graduates flocking to Los Angeles from across the world to enjoy its beaches, culture and year-round temperate climate.
Key Facts About Los Angeles Tech
- Number of Tech Workers: 375,800; 5.5% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Snap, Netflix, SpaceX, Disney, Google
- Key Industries: Artificial intelligence, adtech, media, software, game development
- Funding Landscape: $11.6 billion in venture capital funding in 2024 (Pitchbook)
- Notable Investors: Strong Ventures, Fifth Wall, Upfront Ventures, Mucker Capital, Kittyhawk Ventures
- Research Centers and Universities: California Institute of Technology, UCLA, University of Southern California, UC Irvine, Pepperdine, California Institute for Immunology and Immunotherapy, Center for Quantum Science and Engineering
