SummaryCyber74, a New Charter Technologies operating company, is seeking a Compliance Team Lead to help scale and strengthen our growing compliance practice. This is a hands-on, client-facing role - approximately 70% of your time will be spent personally delivering compliance work directly with clients, with the remaining 30% focused on team leadership and practice development. You are a practitioner first and a leader second.
The core of this role is helping Cyber74 build and mature our SOC 2, ISO 27001, and PCI DSS service delivery - developing the internal frameworks, methodologies, and client-facing playbooks that will define how we deliver compliance as a practice. You will also mentor junior team members and contribute to the evolution of our service offerings, all while maintaining direct ownership of client engagements.
Primary Responsibilities- Personally lead and execute compliance engagements for clients - this is a doing role, not just a directing role
- Serve as the primary hands-on point of contact for client compliance work, managing engagement delivery from kickoff through audit readiness
- Conduct gap analyses, readiness assessments, and risk reviews directly with clients, identifying control deficiencies and building actionable remediation roadmaps
- Develop, write, and maintain client-facing policies, procedures, and control documentation - producing real deliverables, not just reviewing others' work
- Help build and continuously refine Cyber74's internal compliance frameworks, service delivery methodology, templates, and playbooks from the ground up
- Mentor and guide junior compliance staff, reviewing their work and supporting their development without offloading core client responsibilities
- Collaborate with internal security engineers and vCISO team members to deliver integrated security and compliance solutions
- Track regulatory and framework updates to keep client programs current and audit-ready
- Support business development by contributing to proposals, scoping conversations, and client presentations based on direct subject matter expertise
Preferred Skills & ExperienceCore Framework Experience (Required)- 3-5+ years of hands-on experience personally executing engagements across SOC 2 (Type I & II), ISO 27001, and/or PCI DSS - not just program oversight
- Demonstrated ability to independently run a compliance engagement end-to-end: scoping, gap analysis, control mapping, evidence collection, and audit preparation
- Experience in a managed services or consulting environment strongly preferred
- Familiarity with GRC platforms, particularly IntelliGRC (Cyber74's platform of record); experience with Drata, Vanta, Tugboat Logic, or similar tools also valued
- Proven ability to write information security policies, risk assessments, and audit evidence packages from scratch
- Starting salary of 110k and up based on experience
Additional Framework Experience (A Strong Plus)- Exposure to HIPAA, NIST CSF, or CMMC is a bonus - candidates who excel in our core frameworks are encouraged to apply even without depth in these areas
- Relevant certifications are a plus: CISA, CRISC, CISSP, CISM, or ISO 27001 Lead Auditor/Implementer
General Skills- Strong project management skills with the ability to manage multiple concurrent client engagements independently
- Excellent written and verbal communication skills, including the ability to present technical topics to non-technical stakeholders and executives
Preferred Attributes- A practitioner at heart - energized by doing the work, not just managing it
- Proven ability to build from scratch: frameworks, processes, and templates in environments where they don't yet exist
- Detail-oriented and process-driven, with a strong commitment to quality and consistency across every client deliverable
- Self-motivated and comfortable working independently in a remote or hybrid environment
- Collaborative and adaptable, able to work across teams and adjust to evolving client needs
- Growth mindset with an interest in developing new compliance capabilities over time
- Comfortable engaging at the executive level and translating compliance requirements into clear business language
