GRC and AI Governance - Senior Manager

CFGI is seeking a Cybersecurity GRC & AI Governance Subject Matter Expert to lead and deliver strategic advisory engagements that strengthen clients’ security governance, risk management, compliance posture, AI governance programs, and privacy programs. This role blends hands-on delivery, executive communication, and practice leadership. You will work directly with CISOs, CIOs, CFOs, General Counsel/Privacy Counsel, Risk Leaders, and PE deal teams to design pragmatic programs, build operating models, and drive measurable outcomes.
 
The ideal candidate brings deep expertise in GRC frameworks, regulatory compliance, privacy, and AI governance and compliance (e.g., NIST AI RMF, EU AI Act), strong consulting instincts, and a proven ability to lead teams and manage multiple client workstreams.
 
Key Responsibilities:
 
Client Advisory & Delivery:
 
Lead end-to-end GRC and privacy engagements, including scoping, planning, execution, and executive reporting.
Design and operationalize cybersecurity governance models (policies, standards, risk appetite, committees, reporting KPIs/KRIs).
Build and mature enterprise risk programs: risk assessments, risk registers, control libraries, and control testing approaches.
Lead AI governance and compliance engagements — design and operationalize AI governance frameworks, conduct AI risk and impact assessments, build model inventories, establish AI use-case classification and tiering, advise on responsible AI principles, and guide clients through compliance with the EU AI Act, NIST AI RMF, and ISO 42001.
Develop and implement security policies, standards, and procedures aligned to common frameworks (e.g., NIST CSF, ISO 27001/27002, CIS, SOC 2, CMMC, FedRAMP, NIST AI RMF, ISO 42001).
Support regulatory readiness and compliance initiatives (e.g., SEC cyber disclosure support, NYDFS 500, GDPR/UK GDPR, CCPA/CPRA, HIPAA, PCI DSS, SOX ITGC, EU AI Act, CMMC, FedRAMP alignment where applicable).
Stand up or enhance privacy programs: data ma...