Vice President, Compliance & GRC at Achilleion – New York, New York

About Agency Cybersecurity:

Agency Cybersecurity is a fast-growing ventured back startup that provides best-in-class cybersecurity and compliance. Our software and services simplify complex compliance frameworks including SOC2, ISO 27001, HIPAA, and others, empowering businesses to scale securely and confidently. We're backed by top-tier investors like Y Combinator and have offices in NYC, Boston, Richmond, and London.

Location: 100% On-Site in New York, NY

Position Type: Full-Time, Salaried

Experience Level: Vice President Level

Compensation: $175,000 to $225,000+ total comp, including annual bonus and benefits.

Agency Cybersecurity is seeking a Vice President of Compliance & GRC to lead and scale our cybersecurity compliance practice. This is a senior executive role with full P&L responsibility, accountable for practice delivery, team leadership, client outcomes, and revenue growth.

This role is ideal for a seasoned compliance leader who has built and run large portfolios of SOC 2 and related compliance engagements in a consulting environment and is ready to own an entire practice end-to-end.

Given the client delivery and practice ownership responsibilities, this role requires prior leadership experience in a cybersecurity or compliance consulting firm.

Role Overview:

As VP of Compliance & GRC, you will own the Compliance & Assurance practice at Agency Cybersecurity. You will be responsible for setting strategy, managing delivery quality, leading and scaling a team, overseeing client relationships, and driving both retention and growth across the portfolio.

You will act as the senior escalation point for complex engagements, guide key clients as a trusted executive advisor, and partner closely with leadership on pricing, packaging, hiring, and go-to-market strategy.

Key Responsibilities:

Practice Ownership & P&L

• Own full P&L responsibility for the Compliance & GRC practice, including revenue, margins, utilization, and cost management
• Set practice strategy, service offerings, pricing models, and delivery standards
• Forecast revenue, manage capacity planning, and drive sustainable growth
• Partner with leadership on annual planning, targets, and practice expansion

Client Delivery & Advisory

• Serve as executive sponsor and senior escalation point for key client engagements
• Oversee delivery of SOC 2, ISO 27001, HIPAA, and other compliance frameworks across a large client portfolio
• Ensure consistent, high-quality delivery across all engagements, from readiness through audit completion
• Guide clients through complex compliance, risk, and regulatory challenges
• Maintain strong executive-level client relationships and drive renewals and expansions

Team Leadership & Scaling

• Build, manage, and scale a team of managers, senior consultants, and junior staff
• Directly manage practice leaders and senior managers; indirectly oversee a larger delivery team
• Set performance standards, career paths, and development plans
• Lead hiring, onboarding, and training strategy for the practice
• Foster a high-accountability, high-performance consulting culture

Growth & Go-To-Market

• Drive practice growth through upsells, cross-sells, renewals, and new client acquisition
• Support sales and business development through scoping, proposals, and executive-level client conversations
• Help shape marketing narratives, thought leadership, and service positioning
• Identify new frameworks, offerings, and market opportunities to expand the practice

Required Qualifications:

• 7+ years of experience in cybersecurity and compliance consulting
• Demonstrated experience owning and leading large portfolios of SOC 2 engagements
• Deep domain expertise with 40+ SOC 2 engagements completed as primary point of contact
• Proven experience leading SOC 2, ISO 27001, HIPAA, and related audits end-to-end
• Prior experience managing teams of 10+ consultants, including managers and senior staff
• Strong understanding of SOC 2, ISO 27001, HIPAA, NIST, and related frameworks
• Track record of balancing delivery excellence with commercial outcomes
• Exceptional executive-level communication and client relationship skills
• Strong financial, operational, and strategic judgment
• Bachelor’s degree in Information Security, Computer Science, Business, or equivalent experience

Preferred Qualifications:

• Professional certifications (CISSP, CISA, CISM, CRISC, or similar)
• Experience with compliance automation and GRC platforms (Vanta, Drata, etc.)
• Background working with high-growth technology companies and startups
• Experience with additional frameworks such as FedRAMP, PCI-DSS, or GDPR
• Previous experience at a Big Four firm or top-tier cybersecurity consultancy
• Strong technical foundation in cloud infrastructure and security architecture

What We Offer:

• Executive-level compensation: target $175,000–$225,000+ total compensation, including performance-based bonus tied to practice P&L
• Significant leadership autonomy and ownership of a core revenue practice
• Opportunity to build, scale, and shape a flagship compliance business
• Work with top-tier, venture-backed and growth-stage clients
• Collaborative executive team and fast-growing platform
• Long-term career growth with potential for expanded leadership scope