Risk Senior Manager - Columbia - SC&H

Description

Overview

SC&H's Risk Practice is seeking a Senior Manager to lead and grow our service line with a strong focus on security-related consulting, including SOC (SSAE 18), ISO/IEC 27001, and ISO/IEC 42001 engagements. The ideal candidate combines sales/business development acumen, team leadership, and delivery expertise to shape client outcomes, scale practices, and develop high-performing teams. This role includes measurable growth responsibilities, client oversight, and engagement leadership across highly regulated and high-growth industries.

Work You\'ll Do

• Business Development & Growth (40%)
  • Own a personal book-of-business growth target; lead opportunity pursuit from prospecting through close (RFPs, proposals, orals, scoping, pricing).
  • Build and manage an opportunity pipeline across SOC (1/2/3), readiness, ISO 27001 ISMS implementation/assessments, ISO AI Management System) readiness/certification guidance, and security program advisory.
  • Develop go-to-market (GTM) offerings, thought leadership, and partner/alliances; collaborate with Marketing on campaigns and events.
  • Expand client relationships at the CISO, CIO, CTO, CAE, CFO levels; lead cross-sell with Assurance, Tax, and other Cyber/Technology teams.
• Engagement Leadership & Delivery (40%)
  • Lead SOC (SSAE 18) readiness and examination projects (SOC 1 Type 1/2, SOC 2 Type 1/2, SOC 3), including scoping, testing strategy, and report quality.
  • Lead ISO/IEC 27001 implementations (ISMS design, risk assessment, controls, internal audits, certification readiness) and ISO/IEC 42001 readiness/implementation for AI governance.
  • Oversee delivery quality, risk, and timelines across multiple concurrent engagements; ensure methodology compliance and audit defensibility.
• People Leadership & Practice Management (20%)
  • Manage, coach, and develop a team of managers/seniors/associates; lead staffing, utilization, and performance.
  • Champion a collaborative, inclusive, and learning-oriented culture; provide timely feedback and career guidance.
  • Strengthen delivery playbooks, templates, and accelerators; contribute to practice P&L hygiene (pricing discipline, margin, WIP/AR, scope management).

Qualifications

• Required
  • 8–12+ years of progressively responsible experience in public accounting, consulting, or a comparable risk/security practice.
  • Proven track record in SOC (SSAE 18) readiness and examinations (SOC 1/SOC 2), including planning, testing, supervision, and reporting.
  • Hands-on experience with ISO/IEC ISMS design/implementation, internal audit, certification readiness) and familiarity with ISO/IEC AI Management System) frameworks and AI governance concepts.
  • Demonstrated sales/business development success (pipeline creation, proposals/orals, solutioning, closing) and account growth.
  • People leadership experience: managing teams, setting priorities, and developing talent across multiple engagements.
  • Strong understanding of security and IT risk domains (identity and access, change/configuration, secure engineering, vendor risk, cloud controls, incident response, logging/monitoring, data governance, AI governance).
  • Excellent client communication, executive presence, and stakeholder management skills.
  • Prior practice-building responsibilities (offerings, pricing models, partner alliances).
• Preferred
  • Experience coordinating with external auditors and working in regulated industries (SaaS, fintech, healthcare, critical infrastructure).
  • Working knowledge of cloud security (Azure, AWS, GCP) and enabling platforms (e.g., M365/Entra ID, ServiceNow GRC, Archer, OneTrust).
• Education & Certifications
  • Bachelor's degree in Accounting, Information Systems, Computer Science, Cybersecurity, or related field; Master's degree a plus.
  • One or more of the following required:
  • CISA (Certified Information Systems Auditor)
  • ISO/IEC 27001 Lead Implementer or Lead Auditor (or equivalent ISO credential)
  • CPA (active)
  • Additional relevant certifications a plus: CISSP, CCSP, CRISC, CISM, ISO/IEC 42001-related training/credentials.
• Key Performance Indicators (KPIs)
  • Bookings & Revenue: Meets/exceeds individual and practice sales targets; healthy pipeline coverage, appropriate recovery/margins
  • Client Satisfaction & Expansion: New service-line cross-sells; referenceable clients.
  • People Metrics: Team utilization, retention, timely feedback, and progression of staff.

Any unsolicited resumes submitted through our website or to SC&H Group, Inc., employee e-mail accounts are considered property of SC&H Group, Inc., and are not subject to payment of agency fees. In order to be an authorized recruitment agency ("search firm") for SC&H Group, Inc., there must be a formal written agreement in place and the agency must be invited, by SC&H\'s Talent Acquisition team, to submit candidates for review.

About Sc&h

SC&H is a national consulting and financial services firm with an expanding global footprint — home to people who believe in the power of trusted personal relationships. Everyone here shares a passion for driving results, fueled by the genuine connections we forge. This is a place to build lasting professional relationships, grow your skills, and fulfill your potential.

SC&H is recognized annually by Inc., Baltimore Business Journal, Accounting Today, and Inside Public Accounting as a "Best Place to Work." We are 13 diverse practices with 430+ professionals across offices in Maryland, Tysons Corner / Washington D.C., Philadelphia, Chicago, and India; serving a client base from emerging growth to Fortune 500 companies.

Salary & Benefits
The expected annual base salary for this position is $140,000-$175,000. Salary offers are based on candidate-specific factors including skills, performance, responsibilities, experience, degrees and certifications, and market considerations. SC&H is 100% employee-owned and offers equity ownership after 1 year of service, a comprehensive health plan, at least 4 weeks of paid time off, 8 holidays, 401k with employer match, and an annual firm trip. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.