Information Security Compliance Lead

DRAGONFLI GROUP LLC
Washington, United States of America

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Washington, United States of America

Tech stack

Microsoft Word
Microsoft Excel
Microsoft Windows
Artificial Intelligence
JIRA
Computer Security
SharePoint
Information Technology
ServiceNow

Job description

Dragonfli Group is seeking an Information Security Compliance Lead for a high-stakes, client-facing engagement. This is a pure-play GRC role supporting an active information security program within a premier client environment. The successful candidate will act as a primary lead for the GRC function, requiring deep compliance execution experience, exceptional professional presence, and the ability to operate with total autonomy from day one. The right candidate will be able to manage audit cycles and platform implementations immediately.

  • Independently complete complex client security questionnaires and audit responses using established firm precedent, and maintain organized submission records.

  • Lead compliance monitoring and enforcement against ISO 27001 and ISO 42001 (AI Management System).
  • Directly manage the 30-day implementation and optimization of the Vanta trust center platform.
  • Conduct and document risk assessments, policy reviews, and audit evidence gathering for an upcoming audit window.
  • Develop and maintain cybersecurity policies and procedures aligned to regulatory requirements and AI/ML-enabled monitoring.
  • Deliver and track compliance training and awareness initiatives; report outcomes to leadership.
  • Interface directly with client legal, compliance, and IT stakeholders as a polished representative of the firm.

Requirements

  • 2-5+ years supporting information security in large, complex environments (law firm or Big 4 experience strongly preferred).

  • Expert-level working knowledge of ISO 27001 and NIST CSF.
  • Proven experience implementing or managing Vanta or equivalent trust center platforms.
  • Exceptional written and interpersonal communication skills; ability to produce "client-ready" deliverables without internal oversight.
  • Bachelor's degree in computer science, information security, or related field; equivalent experience considered.
  • Preferred certifications: CISSP, CISA, or CompTIA Security+.

Skill(s):

  • GRC platform expertise (Vanta, OneTrust, Archer, or ServiceNow GRC).
  • Security questionnaire automation tools (Whistic, Responsive, Loopio).
  • Third-party risk management (TPRM) fundamentals and SOC 2 Type I/II audit support.
  • GDPR, CCPA, and AI privacy regulation familiarity.
  • Evidence collection, audit artifact management, and policy lifecycle management.
  • Risk register development and maintenance.
  • Business continuity and disaster recovery documentation support.
  • Strong proficiency in Microsoft 365 (SharePoint, Teams, Word, Excel) for collaboration.
  • Experience working in a ticketing or GRC workflow environment (Jira, ServiceNow).

About the company

Dragonfli Group is an elite cybersecurity and IT advisory firm specializing in security operations, architecture, governance, and technology implementation for enterprise and regulated industry clients. We are a certified small business with deep experience across federal, financial services, utilities, and professional services sectors.
