Vice President, Compliance & GRC

About Agency Cybersecurity

Agency Cybersecurity is a fast‑growing venture‑backed startup that provides best‑in‑class cybersecurity and compliance. Our software and services simplify complex compliance frameworks including SOC2, ISO 27001, HIPAA, and others, empowering businesses to scale securely and confidently. We're backed by top‑tier investors like Y Combinator and have offices in NYC, Boston, Richmond, and London.

100% On‑Site in New York, NY

Full‑Time, Salaried

Vice President Level

$175,000 to $225,000+ total compensation, including annual bonus and benefits.

Vice President of Compliance & GRC

Agency Cybersecurity is seeking a Vice President of Compliance & GRC to lead and scale our cybersecurity compliance practice. This is a senior executive role with full P&L responsibility, accountable for practice delivery, team leadership, client outcomes, and revenue growth.

As VP of Compliance & GRC, you will own the Compliance & Assurance practice at Agency Cybersecurity. You will be responsible for setting strategy, managing delivery quality, leading and scaling a team, overseeing client relationships, and driving both retention and growth across the portfolio. You will act as the senior escalation point for complex engagements, guide key clients as a trusted executive advisor, and partner closely with leadership on pricing, packaging, hiring, and go‑to‑market strategy.

• Practice Ownership & P&L – Own full P&L responsibility for the Compliance & GRC practice, including revenue, margins, utilization, and cost management. Set practice strategy, service offerings, pricing models, and delivery standards. Forecast revenue, manage capacity planning, and drive sustainable growth. Partner with leadership on annual planning, targets, and practice expansion.
• Client Delivery & Advisory – Serve as executive sponsor and senior escalation point for key client engagements. Oversee delivery of SOC 2, ISO 27001, HIPAA, and other compliance frameworks across a large client portfolio. Ensure consistent, high‑quality delivery across all engagements, from readiness through audit completion. Guide clients through complex compliance, risk, and regulatory challenges. Maintain strong executive‑level client relationships and drive renewals and expansions.
• Team Leadership & Scaling – Build, manage, and scale a team of managers, senior consultants, and junior staff. Directly manage practice leaders and senior managers; indirectly oversee a larger delivery team. Set performance standards, career paths, and development plans. Lead hiring, onboarding, and training strategy for the practice. Foster a high‑accountability, high‑performance consulting culture.
• Growth & Go‑to‑Market – Drive practice growth through upsells, cross‑sells, renewals, and new client acquisition. Support sales and business development through scoping, proposals, and executive‑level client conversations. Help shape marketing narratives, thought leadership, and service positioning. Identify new frameworks, offerings, and market opportunities to expand the practice.

• 7+ years of experience in cybersecurity and compliance consulting.
• Demonstrated experience owning and leading large portfolios of SOC 2 engagements.
• Deep domain expertise with 40+ SOC 2 engagements completed as primary point of contact.
• Proven experience leading SOC 2, ISO 27001, HIPAA, and related audits end‑to‑end.
• Prior experience managing teams of 10+ consultants, including managers and senior staff.
• Strong understanding of SOC 2, ISO 27001, HIPAA, NIST, and related frameworks.
• Track record of balancing delivery excellence with commercial outcomes.
• Exceptional executive‑level communication and client relationship skills.
• Strong financial, operational, and strategic judgment.
• Bachelor’s degree in Information Security, Computer Science, Business, or equivalent experience.

• Professional certifications (CISSP, CISA, CISM, CRISC, or similar).
• Experience with compliance automation and GRC platforms (Vanta, Drata, etc.).
• Background working with high‑growth technology companies and startups.
• Experience with additional frameworks such as FedRAMP, PCI‑DSS, or GDPR.
• Previous experience at a Big Four firm or top‑tier cybersecurity consultancy.
• Strong technical foundation in cloud infrastructure and security architecture.

• Executive‑level compensation: target $175,000–$225,000+ total compensation, including performance‑based bonus tied to practice P&L.
• Significant leadership autonomy and ownership of a core revenue practice.
• Opportunity to build, scale, and shape a flagship compliance business.
• Work with top‑tier, venture‑backed and growth‑stage clients.
• Collaborative executive team and fast‑growing platform.
• Long‑term career growth with potential for expanded leadership scope.