Senior IT Security & Compliance Consultant

As a Senior IT Security & Compliance Consultant at Network Right, you’ll help our clients build and maintain strong security and compliance programs that meet today’s most rigorous standards — including SOC 2, ISO, GDPR, NIST CSF, and related frameworks.

You’ll act as a trusted advisor to high-growth startups and enterprises, guiding them through compliance readiness, audit preparation, and ongoing risk management. This role blends strategic consulting, operational execution, and exceptional client service, all in support of Network Right’s mission to make world-class IT and cybersecurity accessible and human-centered.

Candidates in SF or NYC will be considered for a hybrid onsite position.

Key Responsibilities

Serve as the primary compliance advisor for assigned clients, leading engagements from gap assessments to audit completion.

Develop and manage remediation roadmaps aligned with frameworks such as NIST CSF, SOC 2, ISO 27001, GDPR, HIPAA, PCI DSS, and HITRUST.

Coordinate audit readiness, evidence collection, and communication with clients, auditors and vendors.

Oversee client risk management activities, including risk identification, assessment, and mitigation.

Review and maintain client information security policies and governance processes to ensure regulatory alignment.

Deliver compliance and security awareness training to client teams.

Partner with internal IT teams to implement integrated security and compliance solutions.

Recommend tools and partners (e.g., SIEM, EDR, MDM) to strengthen compliance and risk management programs.

Track evolving compliance requirements and guide clients in updating their processes and documentation.

Technical Familiarity

Cloud : AWS, GCP, Azure (IAM, network security, logging)

Compliance Tools : Drata, Vanta, Delve

Identity : Okta, Azure AD, Google Workspace

EDR : CrowdStrike, SentinelOne, Huntres

MDM : Mosyle, Jamf, Kandji

Collaboration : Jira, Asana, Notion, Slack

Networking / SaaS : VPNs, SSO, access reviews, data security

Qualifications

5+ years of experience in compliance, audit readiness, or GRC consulting (client-facing preferred).

Proven success managing SOC 2 or ISO 27001 readiness engagements end-to-end.

Strong understanding of information security principles, control frameworks, and risk management practices.

CISA, CISM, CISSP, or comparable compliance / governance certification.

Strong understanding of software engineering or DevOps principles.

PMP or other project management credential a plus.

Excellent communication skills : able to advise executives, auditors, and technical teams alike.

Strong project management and prioritization skills across multiple client engagements.

#J-18808-Ljbffr