Practice Lead, GRC Advisory for Shellproof Security

The ProActive Technology Group
New York, New York 10261 United States
Posted: Jun 19, 2026
  • Full Time
  • Public Safety
  • Summary

    We are seeking an operational leader to drive the success of our CMMC GRC practice. In this role, you will bridge the gap between strategic client goals and tactical execution. You will lead the CMMC readiness Service Delivery Operations team and serve as the Lead vCISO for key accounts, providing high-level guidance to senior management. You are responsible for the quality, efficiency, and consistency of our consulting output. You will guide Advisors and Analysts to ensure deliverables are strategic, accurate, and impactful, while ensuring the team runs efficiently and meets utilization targets.

    Core Values

    • Demonstrate Integrity. To hold the highest standards of honesty and transparency.
    • Be Collaborative. Cybersecurity is a collective endeavor and we believe in fostering strong relationships.
    • Think Strategic. To help our clients enhance their cybersecurity, they need a plan.
    • Provide Clarity. Have a business acumen that allows a client to understand complex issues with clarity.
    • Opportunity. Have a positive mindset and look at compliance and cybersecurity as an opportunity to improve small businesses and unlock new business opportunities.

    Basic Functions

    Service Delivery & Operational Management

    • Team Oversight: Manage the daily workflow and performance of GRC Advisors, ensuring projects are delivered on time and within scope.
    • Quality Control (QC): Act as the final review gate for client deliverables (Risk Assessments, SSPs, Executive Reports). Ensure all reports are polished, strategic, and error-free before they reach the client.
    • Process Optimization: Develop and refine internal SOPs, templates, and consulting methodologies to improve efficiency and consistency across the practice.
    • Resource Management: Assign resources to projects based on technical fit and capacity; manage the schedule for both on-site and remote engagements.

    Strategic vCISO Advisory

    • Executive Leadership: Act as the dedicated vCISO for clients, reporting directly to their Boards/C-Suites where applicable to align security initiatives with business objectives.
    • Strategic Roadmapping: Lead the development of long-term security strategies, bridging the gap between current state (gap analysis) and desired future state.
    • Crisis Management: Oversee the development of Incident Response (IR) and Business Continuity Plans (BCP); facilitate tabletop exercises to validate client readiness.

    Mentorship & Development

    • Team Development: Provide technical guidance and mentorship to Advisors, helping them interpret regulations (HIPAA, ISO 27001, CMMC, CIS v8) effectively.
    • Training Evaluation: Evaluate the effectiveness of internal training programs and recommend adjustments to keep the team sharp on emerging threats.
    • Escalation Point: Serve as the primary point of escalation for complex technical or client-relationship issues.

    Business & Vendor Strategy

    • Vendor Risk Management: Develop and manage the firm's Vendor Risk Management methodology for client deployment.
    • Client Onboarding: Assist sales and account management with scoping complex projects and ensuring a smooth onboarding process for new clients.
    • Market Awareness: Review industry publications to stay ahead of emerging threats and translate these trends into actionable advice for clients.

    Requirements

    Knowledge, Skills, and/or Abilities Required

    Technical Proficiency

    • Regulatory Expert: Deep, actionable knowledge of frameworks such as CMMC 2.0, NIST 800-53, HIPAA, ISO 27001, and CIS v8.
    • GRC Tooling: Hands-on experience utilizing and optimizing GRC platforms (e.g., FutureFeed, IntelliGRC, Drata) and ticketing systems.
    • Risk Methodologies: Strong command of risk assessment principles (e.g., NIST 800-30).

    Operational & Soft Skills

    • Business Acumen: Ability to translate technical risk into financial and operational impact for executive audiences.
    • Operational Leadership: Proven ability to organize schedules, manage project tickets, and match resources to technical issues appropriately.
    • Communication: Exceptional written and verbal communication skills; ability to command a room and “speak the language” of the C-Suite.

    Educational / Vocational / Previous Experience Requirements

    • 5+ years of experience in Cybersecurity, GRC (Governance, Risk, and Compliance), or Information Assurance.
    • A minimum of 1 year of experience focused on CMMC (Cybersecurity Maturity Model Certification) or NIST 800-53 standards.
    • 2+ years of experience in a team lead, management, or senior consultant role.
    • Professional security certification required (e.g., CISSP, CISM, CISA, CRISC, or CMMC CCP).
    • Bachelor's degree in Cybersecurity, Information Technology, Business, or related experience.

    Preferred

    • Experience working within an MSP or MSSP environment.
    • Experience managing “Time and Materials” or “Retainer” based consulting teams.

    Benefits

    • Competitive salary based on experience and qualifications.
    • Health, vision, and dental benefits included.
    • Performance-based incentives.
    • Generous bonus levels.
    • Fun working environment and culture.
    • Great opportunity for advancement.

  • ABOUT THE COMPANY

    • Government Careers

    Government jobs offer stability, competitive benefits, and the chance to make a meaningful impact on your community and country.

    Whether you’re starting your career or seeking new opportunities, these roles provide pathways for growth, security, and service.

    Explore positions across a wide range of fields and take the first step toward a rewarding future in public service.

Please mention you found this employment opportunity on the CareersInGovernment.com Job Board.