Sr. VISO

Remote: Full Remote

Offer summary

Qualifications:

  • Bachelor's or Master's degree in Cybersecurity, Information Security, Computer Science, or a related field preferred.
  • 5+ years of experience in cybersecurity consulting, GRC, or risk management, preferably within highly regulated industries.
  • Strong understanding of risk management frameworks such as NIST and ISO 27001.
  • Certifications like CISSP, CISM, CISA, or CRISC are preferred.

Key responsibilities:

  • Advise clients on best practices in cybersecurity governance, risk management, and regulatory compliance.
  • Conduct risk assessments, security audits, and gap analyses to evaluate clients' cybersecurity controls.
  • Design and implement governance frameworks and risk management strategies that align with business objectives.
  • Educate clients on cybersecurity risks and regulatory requirements through training sessions and workshops.

REEKRUTER
2 - 10 Employees

Job description

Position: Senior VISO Governance, Risk, and Compliance (GRC)
Location: Remote VA, DC, MD

Reporting to: Director of GRC

About Assura Inc.

Assura Inc. is on a mission to make cybersecurity accessible and effective for organizations of all sizes. We offer a full spectrum of services designed to protect businesses from cyber threats, ensure regulatory compliance, and foster resilience against evolving risks.

Assura's scalable and tailored solutions enable organizations to strengthen their security posture, mitigate risks, and operate with confidence in an ever-changing threat landscape. Recognized for their commitment to excellence, they have received awards such as the "10 Most Promising Cybersecurity Consulting Service Companies," "Best Workplaces," and a spot on the Inc. 5000 list of fastest-growing private companies.

Role Overview

As a Senior Consultant GRC, you will be responsible for advising clients on best practices in cybersecurity governance, risk management, and regulatory compliance. You will lead engagements, assess security and compliance risks, develop mitigation strategies, and help implement policies and frameworks that align with industry standards. This role requires a strong understanding of cybersecurity regulations, risk management frameworks, and industry best practices.

Key Responsibilities

  • Client Advisory & Compliance: Work closely with clients to assess security risks, identify compliance gaps, and develop tailored solutions that align with industry regulations such as NIST, ISO 27001, PCI DSS, CMMC, HIPAA, and SOC 2.
  • Risk Assessments & Audits: Conduct risk assessments, security audits, and gap analyses to evaluate clients' cybersecurity controls, policies, and procedures.
  • Governance & Framework Development: Design and implement governance frameworks, policies, and risk management strategies that support business objectives while enhancing security and compliance.
  • Strategic Recommendations: Provide actionable insights and roadmap strategies to improve cybersecurity maturity, streamline compliance efforts, and mitigate business risks.
  • Training & Awareness: Educate clients on cybersecurity risks, regulatory requirements, and best practices through training sessions, workshops, and executive briefings.
  • Team Leadership & Mentorship: Support and mentor junior consultants, fostering professional growth and enhancing team performance.
  • Continuous Improvement: Stay current with evolving cybersecurity threats, regulatory updates, and industry trends to enhance service offerings and client solutions.

Qualifications & Experience

  • Education: Bachelor's or Master's degree in Cybersecurity, Information Security, Computer Science, or a related field preferred.
  • Experience: 5+ years of experience in cybersecurity consulting, GRC, or risk management, preferably within highly regulated industries.
  • Certifications (Preferred): CISSP, CISM, CISA, CRISC, or other relevant cybersecurity and risk management certifications.
  • Skills & Competencies:
    • Strong understanding of risk management frameworks (NIST, ISO 27001, COSO, etc.).
    • Experience with compliance assessments, audits, and policy development.
    • Excellent problem-solving, analytical, and communication skills.
    • Ability to manage multiple projects, meet deadlines, and work collaboratively with clients and internal teams.

Why Join Assura?

At Assura, we are passionate about making cybersecurity accessible and effective. We foster a collaborative work environment where innovation, integrity, and excellence drive everything we do. If you are looking to make a real impact in cybersecurity and help organizations strengthen their security posture, we want to hear from you!

Required profile

Experience

Spoken language(s): English

Other Skills

  • Collaboration
  • Communication
  • Analytical Thinking
  • Problem Solving
