Principal, Cyber Security Assurance

This role may be based in NYC, Washington DC, or Chicago.

We are seeking a senior leader to drive the growth of Digital Risks in the United States, with a primary focus on cyber assurance, third-party risk management, and large-scale regulatory compliance audits. In this role, you will collaborate closely with our cyber threat intelligence, advisory, and response teams to expand our digital risk business. Your responsibility will include overseeing the assessment, and improving client cybersecurity programs, ensuring alignment with industry standards and regulatory requirements, and guiding clients through complex third-party audits.

Key Responsibilities

Cybersecurity Program Evaluation

• Lead cyber assurance engagements, assessing client cybersecurity programs for compliance with industry standards such as NIST, ISO 27001, and other relevant frameworks.
• Act as a trusted advisor, ensuring client cybersecurity postures are resilient, compliant, and in line with regulatory requirements.

Third-Party Risk Management Audits

• Oversee large-scale third-party risk and compliance audits, ensuring alignment with industry-specific frameworks, regulatory standards, and contractual obligations.

Regulatory Compliance Audits

• Oversee regulatory compliance audits to ensure clients meet required standards and regulations.
• Advise clients on audit preparation and guide them through maintaining compliance while improving cybersecurity measures.
• Ensure clients' compliance programs address both current and emerging regulatory requirements.

Penetration Testing & Vulnerability Management Support

• Partner with the penetration testing team to incorporate findings into broader cyber assurance reviews.
• Lead remediation efforts for high-risk vulnerabilities, aligning them with the client’s overall compliance and cybersecurity objectives.

Client Relationship & Business Development

• Build and sustain relationships with key stakeholders, especially C-suite executives, positioning Digital Risks as a leader in cyber assurance and regulatory compliance.
• Identify and capitalize on new business opportunities in cyber assurance, third-party risk assessments, and compliance audits.
• Provide thought leadership on cyber assurance trends, regulatory updates, and best practices to enhance client relationships and grow the practice.
• Advise clients on continuously improving their cybersecurity and compliance frameworks based on audit findings and risk assessments.

Practice Development & Team Leadership

• Recruit, develop, and lead a high-performing team specializing in cyber assurance, third-party risk management, and regulatory compliance.
• Foster a culture of continuous learning, ensuring the team stays ahead of emerging trends in cybersecurity and compliance.
• Contribute to the creation of innovative services and solutions to meet clients' evolving needs in cyber assurance and compliance auditing.

Requirements

Required Qualifications

Experience & Knowledge:

• 12+ years of experience in cybersecurity, specializing in cyber assurance, third-party risk management, and regulatory compliance audits.
• Proven track record of leading cyber assurance engagements and guiding clients through risk management and compliance processes based on industry frameworks (e.g., NIST, ISO 27001).
• Expertise in managing third-party audits and ensuring regulatory compliance across audit lifecycles.
• In-depth understanding of regulatory frameworks, with hands-on experience delivering compliance audits for both commercial and government sectors.
• Experience integrating penetration testing and vulnerability assessments into broader cyber assurance strategies.

Education & Certifications:

• Bachelor's or master’s degree in information security, Computer Science, Engineering, or a related field.
• Relevant certifications such as CISSP, CISM, CISA, ISO 27001 Lead Auditor, SANS, or other recognized credentials in cybersecurity, third-party risk management, and compliance auditing.

Skills:

• Strong commercial acumen, with proven ability to generate new business in cyber assurance and regulatory compliance services.
• Exceptional communication, presentation, and analytical skills with the ability to influence senior stakeholders and deliver impactful insights that improve cybersecurity resilience and regulatory compliance.

The base salary range for this position in Washington DC and Chicago is $180,000-$205,000 per year. The base salary range for this position in New York City is $200,000-$215,000 per year. Exact compensation offered may vary depending on job-related knowledge, skills, and experience.

Control Risks is committed to a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age or veteran status. If you require any reasonable adjustments to be made in order to participate fully in the interview process, please let us know and we will be happy to accommodate your needs.

Benefits

• Control Risks offers a competitively positioned compensation and benefits package that is transparent and summarized in the full job offer.
• Control Risks supports hybrid working arrangements, wherever possible, that emphasize the value of in-person time together - in the office and with our clients - while continuing to support flexible and remote working.
• Medical Benefits, Prescription Benefits, FSA, Dental Benefits, Vision Benefits, Life and AD&D, Voluntary Life and AD&D, Disability Benefits, Voluntary Benefits, 401 (K) Retirement, Nationwide Pet Insurance, Employee Assistance Program.
• As an equal opportunities employer, we encourage suitably qualified applicants from a wide range of backgrounds to apply and join us and are fully committed to equal treatment, free from discrimination, of all candidates throughout our recruitment process.