Associate Director, Cyber Risk & Governance Advisory (Remote)

PNG Cyber is looking for an experienced and well-rounded Associate Director of Cyber Risk & Governance Advisory to support client-facing engagements focused on cybersecurity governance, compliance, and risk strategy. Reporting directly to the Vice President of Operations, this individual will serve as a key resource for small to medium-sized U.S. businesses—across both regulated and non-regulated industries—looking to better understand and strengthen their cybersecurity posture. The ideal candidate will have a strong foundation in cyber risk and compliance, along with the technical expertise necessary to confidently assess security environments, ask the right questions, and provide practical, evidence-based recommendations aligned with applicable frameworks.

This is a hands-on leadership role for someone who can not only advise but also roll up their sleeves when needed. Due to our lean company structure, this position also requires flexibility and the ability to support broader operational and administrative functions, including assisting the Incident Response and MDR teams, mentoring junior staff, and contributing to the development and refinement of internal SOPs.

Key Responsibilities

  • Advise clients on cybersecurity governance, regulatory compliance, risk management, and overall posture improvement.

  • Identify program and technical control gaps, and translate those into actionable, prioritized remediation plans.

  • Map cybersecurity controls to applicable frameworks and regulations (e.g., NIST CSF, HIPAA, CMMC, ISO 27001, PCI DSS), tailored to the client’s business model, industry, and regulatory profile.

  • Evaluate technical environments (e.g., network infrastructure, cloud, endpoint, access controls) to determine practical solutions that meet security and compliance goals.

  • Demonstrate proficiency with security solutions such as SentinelOne, Huntress, Perception Point, and Splunk, or the ability to quickly become proficient in their use.

  • Draft, implement, and review cybersecurity policies and standards appropriate to the organization’s maturity and compliance needs.

  • Guide clients through external assessments and audits (SOC 2, ISO, CMMC), including readiness planning, evidence gathering, and post-audit remediation.

  • Collaborate with internal engineering and technical services teams to ensure alignment between strategic guidance and technical execution.

  • Provide support across administrative and operational functions as needed to maintain continuity and redundancy in leadership roles.

  • Stay up to date on the threat landscape, emerging compliance requirements, and best practices in cybersecurity governance.

Qualifications

  • 10+ years of cybersecurity experience with a strong emphasis on governance, risk, and compliance.

  • Demonstrated experience advising clients or stakeholders in regulated industries, such as healthcare, financial services, or critical infrastructure.

  • Technical knowledge sufficient to understand enterprise architecture, identify vulnerabilities, and map solutions to framework controls.

  • Proven ability to write and implement information security policies and provide audit readiness support.

  • Experience supporting or leading audit prep and response for SOC 2, ISO 27001, HIPAA, CMMC, or other major frameworks.

  • Ability to provide clarity and direction across multiple functions in a lean organization.

  • Exceptional communication and documentation skills—able to bridge gaps between technical teams, leadership, and external counsel.

  • Bachelor’s degree in Cybersecurity, Information Technology, or a related field. Master’s degree or relevant certifications preferred.

Preferred Certifications

  • CISSP, CISA, CISM, CRISC, or equivalent

  • CMMC RP/RPA or CCP

Experience interfacing with or supporting outside counsel is a plus.

Location: Remote

