vCISO, GRC Advisor

RKON
Summary
Join RKON, an award-winning IT services company, as a vCISO – GRC Advisor specializing in private equity carveouts and mergers and acquisitions. You will play a critical advisory role, assessing and enhancing governance, risk, and compliance (GRC) for entities undergoing these transitions. Responsibilities include conducting GRC assessments, developing strategic roadmaps, providing regulatory compliance guidance, and supporting stakeholder communication. This role requires a strategic thinker with strong GRC expertise and experience in private equity environments. You will work with executive leadership and provide board-level presentations. The ideal candidate possesses a strong understanding of relevant compliance regulations and a proven ability to develop and implement GRC roadmaps.
Requirements
- 5+ years of experience in GRC, information security, or internal audit roles with a focus on risk assessment and compliance
- Familiarity with private equity environments, carveouts, or M&A-related GRC challenges
- Strong knowledge of compliance regulations such as ISO 27001, NIST CSF, SOC 2, and emerging privacy laws (e.g., GDPR, CCPA)
- Proven ability to develop GRC roadmaps and work with cross-functional teams to prioritize and implement recommendations
- Strong business acumen and the ability to communicate technical risks in business terms
- Experience engaging with executive leadership and providing board-level presentations
Responsibilities
- Conduct comprehensive GRC assessments, including the evaluation of existing policies, procedures, controls, and regulatory requirements (e.g., ISO 27001, NIST CSF, SOC 2)
- Identify areas of risk, regulatory gaps, and weaknesses in security governance
- Evaluate third-party vendor risks and interdependencies in newly structured entities
- Develop strategic GRC roadmaps that align with the organization’s business goals and private equity timelines
- Prioritize recommendations to address short-term risks and long-term security objectives
- Provide actionable steps to help organizations meet key regulatory or compliance milestones
- Provide expert guidance on compliance frameworks, including NIST, ISO 27001, SOC 2, and emerging privacy regulations
- Ensure that recommendations reflect PE-backed entities’ scalability needs
- Support compliance initiatives with documentation, reporting, and audit preparation
- Collaborate with executive leadership, private equity sponsors, and other key stakeholders to communicate risk findings and mitigation plans effectively
- Prepare executive-level reports summarizing key risks, recommendations, and compliance progress
- Advise on the security implications of post-merger integration, carveout transitions, or divestitures
- Identify transitional risks (e.g., access management, data segregation) and provide practical guidance to mitigate them
- Support operational resilience and business continuity during transitions
- Assess the security posture of critical vendors and service providers, ensuring proper risk management during onboarding and throughout the engagement lifecycle
- Assist clients in developing or updating GRC frameworks, policies, and procedures to reflect their newly independent operating model
Preferred Qualifications
- Experience supporting PE-backed entities in M&A, carveouts, or other high-pressure transition environments
- Familiarity with third-party risk management and vendor assessment frameworks
- Industry-related certifications: CISSP, ISO 27001 Lead Auditor, CISA, CGRC (formerly CAP), or CDPSE