Senior Cybersecurity GRC Consultant

Xantrion is a leading managed security service provider on a mission to empower mid-sized businesses with technology and cybersecurity peace of mind. We are building a stellar team of technology experts who love helping our clients be the best they can be.

Joining Xantrion’s Security and Reliability team means working with a group of people who are passionate about safeguarding our clients. Our 24/7 Cybersecurity and Systems Operations Center (CSOC) provides continuous monitoring, detection, and response services. Our cybersecurity engineering and consulting teams work together to deliver a full suite of cybersecurity services.

This is a full-time position and is 100% remote with the option to work from our office in Lafayette, CA. Occasional travel to client sites, industry events and training will be needed.

About the position
The Senior Cybersecurity Consultant is responsible for aiding clients and Xantrion in achieving and maintaining compliance with security standards such as CMMC, HIPAA, SOC2 and ISO 27001. Primary responsibilities include identifying, testing, and reporting on risks and controls, conducting gap analysis and remediation planning, and providing guidance and best practices on security policies and procedures.

In this role you will ensure effective communication and coordination of compliance activities for both clients and Xantrion itself. The Senior Cybersecurity Consultant position reports to the Security and Compliance Manager.

You will make an impact in the first 90 days by:

  • Building on Xantrion’s existing SOC2 compliance program by establishing an ISO 27001 and CMMC implementation project.
  • Developing the initial framework for Xantrion’s internal System Security Plan (SSP) and Information Security Management System (ISMS).
  • Contributing to the strategy and design of future consulting services.


Governance, Risk, and Compliance Consulting (60%)

  • Lead expert consulting engagements helping business leaders understand regulatory requirements and risk.
  • Develop right-sized cybersecurity and resiliency programs alongside Xantrion technical engineers.
  • Perform risk assessments, policy development, and tabletop exercises for clients and vendors.
  • Conduct gap analysis against cybersecurity frameworks and develop remediation plans.
  • Design and develop security policies, standards, and procedures across various domains including System Security Plans, business continuity, and incident response.
  • Design and administer security training and awareness programs.
  • Lead client meetings and workshops, create client-facing presentations and reports.
  • Offer ongoing guidance to Xantrion’s cybersecurity practice ensuring our services are always “audit-ready”.
  • Become a representative of the company in various regulated markets by providing industry thought leadership including performing research, developing content, and attending industry events.

Internal Compliance (40%)

  • Work cross-functionally, building on our existing SOC2 program to prepare for ISO 27001 and CMMC certification.
  • Drive internal audits to assess compliance and identify areas for improvement.
  • Serve as a primary liaison to external auditors, assessors, and examiners.

Knowledge & Experience

  • 8+ years of experience in cybersecurity governance, risk, and compliance, with a focus on common certification and attestation requirements (e.g., FedRAMP, CMMC, PCI DSS, ISO 27001, SOC2, HIPAA).
  • Professional experience conducting security assessments and leading implementation of common security frameworks (e.g., NIST 800-171, NIST 800-53, NIST CSF, SOC2, HITRUST, ISO 27001).
  • Self-starter with the ability to work independently, proactively take ownership of work, and drive engagements to provide value to clients.
  • Strong analytical and problem-solving skills, particularly in information systems, cybersecurity, and privacy.
  • Proven ability to manage projects, meet deadlines, and achieve high levels of quality.
  • Excellent organizational, writing, and communication skills.
  • Relevant training and certifications (e.g., CCP, CCA, CISSP, CISA, CISM, ISO 27001 Lead Implementer) are strongly preferred.

Compensation & Benefits

  • Salary $125K – $175K.
  • 100% of medical, dental, and vision for you and your family.
  • Certification and training reimbursement.
  • 17 Days PTO per year (in addition to training allowance).
  • 401(k) match up to 4% of salary.

Xantrion is an equal opportunity employer that is committed to diversity and inclusion in the workplace. We prohibit discrimination and harassment of any kind based on race, color, sex, religion, sexual orientation, national origin, disability, genetic information, pregnancy, or any other protected characteristic as outlined by federal, state, or local laws. All employment is decided on the basis of qualifications, merit, and business needs at the time.