vCISO - GRC Advisor, Private Equity & Carveout Focus

February 20

Apply Now

Receive Emails with Similar Jobs

RKON

WebsiteLinkedInAll Job Openings

Since 1998, RKON has delivered IT Transformation helping private equity and enterprise firms achieve Quiet IT from vision to execution. We believe IT should seamlessly serve the business strategy versus getting in the way of execution. Our team at RKON has developed a refined approach, through years of experience, that delivers a clear vision of a scalable, agile, secure, cost optimized and low risk end state. To achieve this end state, RKON provides IT solutions in three stages, first building an advisory practice that sends the strategy in the right direction, an execution practice ensuring that vision is turned into reality and a management practice the keeps the vision on track as IT evolves to serve the business.

Managed Cloud Services • Professional Services • Mobile Security Solutions • Virtualization • Iaas

51 - 200 employees

📋 Description

• The vCISO – GRC Advisor will play a critical advisory role in assessing and enhancing governance, risk, and compliance (GRC) for entities undergoing private equity carveouts or mergers and acquisitions (M&A). • The advisor will be responsible for evaluating the target or newly independent entity’s security posture, identifying GRC gaps, and assisting with the development of tailored roadmaps to address key risks and compliance needs. • Conduct comprehensive GRC assessments, including the evaluation of existing policies, procedures, controls, and regulatory requirements (e.g., ISO 27001, NIST CSF, SOC 2). • Identify areas of risk, regulatory gaps, and weaknesses in security governance. • Evaluate third-party vendor risks and interdependencies in newly structured entities. • Develop strategic GRC roadmaps that align with the organization’s business goals and private equity timelines. • Provide expert guidance on compliance frameworks, including NIST, ISO 27001, SOC 2, and emerging privacy regulations. • Prepare executive-level reports summarizing key risks, recommendations, and compliance progress.

🎯 Requirements

• 5+ years of experience in GRC, information security, or internal audit roles with a focus on risk assessment and compliance. • Familiarity with private equity environments, carveouts, or M&A-related GRC challenges. • Strong knowledge of compliance regulations such as ISO 27001, NIST CSF, SOC 2, and emerging privacy laws (e.g., GDPR, CCPA). • Proven ability to develop GRC roadmaps and work with cross-functional teams to prioritize and implement recommendations. • Strong business acumen and the ability to communicate technical risks in business terms. • Experience engaging with executive leadership and providing board-level presentations. • Experience supporting PE-backed entities in M&A, carveouts, or other high-pressure transition environments. • Familiarity with third-party risk management and vendor assessment frameworks. • Industry-related certifications: CISSP, ISO 27001 Lead Auditor, CISA, CGRC (formerly CAP), or CDPSE.