Principal Consultant - Strategy & Risk

The Principal Consultant in the cyber risk and compliance practice is an experienced leader driving strategic initiatives, managing complex client engagements, and delivering high-impact security and risk solutions. This role combines deep subject matter expertise with technical and business acumen to guide organizations in strengthening their cybersecurity posture and regulatory compliance. Responsibilities include mentoring consultants, advising C-level executives, developing security strategies based on industry best practices like NIST and ISO 27001, leading governance and compliance engagements, and conducting risk and maturity assessments. Candidates need 10-15 years of experience, strong analytical skills, and relevant certifications.

Must Have

• Mentor security consultants in cybersecurity risk and compliance management.
• Serve as trusted advisor to C-level executives on cybersecurity and risk management.
• Translate business requirements into security features and functionality.
• Develop and drive security strategies, policies, and frameworks (NIST, ISO 27001CMMC, CIS, PCI).
• Assist with development of cyber engagement plans.
• Rationalize security solutions against requirements, risk, and constraints.
• Lead complex cybersecurity governance, risk, and compliance engagements.
• Conduct security risk assessments, maturity assessments, and gap analysis for regulatory compliance.
• Act as primary point of contact for executive stakeholders.
• Hands-on experience with security assessments, risk management, compliance assessments, policy and standards.
• Strong analytical and problem-solving skills for cybersecurity challenges.
• Excellent communication and report writing skills for client engagements.
• Ability to manage multiple projects and work independently in a fast-paced environment.
• Broad awareness of the security/technology space.
• Bachelor's degree and 10-15 years of related work experience.
• Deep experience in cybersecurity frameworks and risk management methods.
• Willingness to travel to meet client needs.
• Valid driver's license in the US.
• Relevant certifications (CISSP, CISM, CRISC, CCSP, CMMC CCP/CCA, ISO 27001 Lead implementer).

Perks & Benefits

• A company committed to championing Diversity, Equality, and Inclusion through our Employee Resource Groups.
• Work/life balance
• Professional training resources
• Creative problem-solving and the ability to tackle unique, complex projects
• Volunteer Opportunities. “Optiv Chips In” encourages employees to volunteer and engage with their teams and communities.
• The ability and technology necessary to productively work remotely/from home (where applicable)

The Principal Consultant in the cyber risk and compliance practice is an experienced leader in driving strategic initiatives, managing complex client engagements, and delivery high-impact security and risk solutions. This role combines deep subject matter expertise with technical and business acumen to guide organizations in strengthening their cybersecurity posture and regulatory compliance.

How you'll make an impact

• Mentor security consultants, fostering professional growth in the areas of cybersecurity risk and compliance management
• Serve as trusted advisor to C-level executives, senior leadership sponsors on cybersecurity and risk management
• Work with customers to help them articulate their business requirements and how those requirements translate into security features and functionality
• Develop and drive security strategies, policies and frameworks for clients based on industry leading practices (NIST, ISO 27001CMMC, CIS, PCI, etc.)
• Assist with development of cyber engagement plans for customers which will enable them to execute upon strategies
• Rationalize different security solutions against requirements, risk, and constraints
• Represent the practice at industry events, speaking engagements and round table discussions if required
• Lead, complex and high-profile cybersecurity governance, risk and compliance engagements across industries
• Conduct security risk assessments, maturity assessments, and gap analysis for regulatory compliance
• Act as the primary point of contact for executive stakeholders, ensuring clear communication and strategic alignment
• Hands on experience with security assessments, risk management, compliance assessments, policy and standards and other related risk and compliance activities
• Strong analytical and problem-solving skills for cybersecurity challenges
• Excellent communication and report writing skills for client engagements
• Ability to manage multiple projects and work independently in a fast-paced environment
• Broad awareness of the security/ technology space as a whole

What we're looking for

• Bachelor's degree and approximately 10-15 years of related work experience
• Deep experience in cybersecurity frameworks and risk management methods and frameworks (e.g., NIST, ISO 27001, CIS, CMMC)
• Willingness to travel to meet client needs
• Valid driver's license in the US
• Holds relevant certifications in the cybersecurity and risk management industry such as, CISSP, CISM, CRISC, CCSP, CMMC CCP/CCA, ISO 27001 (Lead implementer)
• Strong interpersonal skills
• Strong written and presentational skills; ability to clearly communicate complex messages to a variety of audiences
• Possess high standard of integrity and confidentiality

What you can expect from Optiv

• A company committed to championing Diversity, Equality, and Inclusion through our Employee Resource Groups .
• Work/life balance
• Professional training resources
• Creative problem-solving and the ability to tackle unique, complex projects
• Volunteer Opportunities. “Optiv Chips In” encourages employees to volunteer and engage with their teams and communities.
• The ability and technology necessary to productively work remotely/from home (where applicable)

EEO Statement

Optiv is an equal opportunity employer. All qualified applicants for employment will be considered without regard to race, color, religion, sex, gender identity or expression, sexual orientation, pregnancy, age 40 and over, marital status, genetic information, national origin, status as an individual with a disability, military or veteran status, or any other basis protected by federal, state, or local law.

Optiv respects your privacy. By providing your information through this page or applying for a job at Optiv, you acknowledge that Optiv will collect, use, and process your information, which may include personal information and sensitive personal information, in connection with Optiv’s selection and recruitment activities. For additional details on how Optiv uses and protects your personal information in the application process, click here to view our Applicant Privacy Notice . If you sign up to receive notifications of job postings, you may unsubscribe at any time.