Vice President Advisory

About NopalCyber

NopalCyber makes cybersecurity manageable, affordable, reliable, and powerful for companies that need to be resilient and compliant. Through Managed Extended Detection and Response (MXDR), Attack Surface Management (ASM), Breach and Attack Simulation (BAS), and Advisory Services, we fortify our clients’ cybersecurity across both offense and defence.

Our AI-driven Nopal360° platform, NopalGo mobile app, and proprietary Cyber Intelligence Quotient (CIQ) enable organizations to quantify, track, and visualize their cybersecurity posture in real time. We democratize enterprise-grade security operations for organizations of all sizes by lowering the barrier to entry while raising the bar for security and service.

As the Vice President – Advisory, you will lead and expand NopalCyber’s Governance, Risk, and Compliance (GRC) and cybersecurity advisory practice. You will serve as a trusted advisor to CXO-level clients, shaping strategies that enable resilience, risk optimization, and regulatory alignment. This role combines deep GRC expertise with strategic leadership to address evolving areas such as cloud, data privacy, and AI security governance, ensuring clients stay ahead of emerging compliance and threat landscapes.

Key Responsibilities:

• Provide strategic leadership for all Governance, Risk, and Compliance (GRC) and cybersecurity advisory engagements across global clients.
• Define and execute the vision, strategy, and roadmap for NopalCyber’s Advisory practice in alignment with business objectives.
• Serve as the executive subject matter expert (SME) in information and cybersecurity governance, risk management, compliance frameworks, and regulatory alignment.
• Oversee and guide enterprise security assessments of on-premises and cloud IT assets, ensuring robust methodologies and consistent quality delivery.
• Govern the design and validation of security control testing programs, posture assessment models, and reporting frameworks.
• Ensure advisory programs are aligned with regulatory mandates including Digital Personal Data Protection Act, 2023, ISO 27001, GDPR, SOC 2, PCI DSS, and NIST frameworks.
• Drive innovation in the use of GRC and automation tools, optimizing delivery through analytics and AI-driven insights.
• Provide strategic oversight of AI security and governance, including risk management of AI models, ethical use of AI in compliance contexts, and adherence to emerging AI regulations.
• Provide executive direction for security risk management, third-party risk management (TPRM), and assurance programs.
• Lead client engagement and relationship management with senior stakeholders, ensuring strategic alignment and satisfaction.
• Partner with business development teams to support sales pursuits, proposals, and new offering development.
• Build and nurture a high-performing Advisory team, providing mentoring, coaching, and professional development.
• Promote thought leadership by participating in forums, industry events, and internal knowledge-sharing platforms.
• Lead practice governance, performance metrics, and continuous improvement to drive consistency and efficiency.
• Collaborate cross-functionally with SOC, Pre-sales, and Delivery leaders to ensure integrated client engagement and service delivery.
• Continuously update and align the enterprise cybersecurity strategy to emerging technologies, threats, and compliance requirements, including AI-driven risk frameworks.

Job Specifications:

1. Qualification:

• Bachelor’s degree in engineering or a related technology discipline.
• Professional certifications including ISO 27001 Lead Implementer/Lead Auditor, and one or more of CISSP, CISA, or CIPP.
• Additional cloud security certifications such as CCSP, CCSK, or public cloud architect certifications from AWS, Azure, or Google Cloud are desirable.

2. Experience:

• 15+ years of total experience in cybersecurity and GRC advisory roles, with 8+ years in leadership or practice head capacity.
• Proven track record of delivering enterprise-scale information security, risk management, and compliance programs across industries.

3. Desired Skills:

• Deep understanding of information security principles, controls, and risk frameworks such as ISO 31000, ISO 27005, NIST CSF, COBIT, SOC 1/SOC 2, and PCI DSS.
• Expertise in GRC project and program management, including advisory methodologies and client delivery governance.
• Strong experience in IT and cybersecurity audit management and regulatory compliance execution.
• Proficiency in security controls testing, including web, mobile, cloud, and corporate systems.
• Proven experience in cloud security implementation, AI security governance, and risk assessments.
• Strong understanding of vulnerability management, application security testing, and automation tools.
• Demonstrated ability to lead client management, vendor oversight, and stakeholder communication at executive level.
• Skilled in developing new risk-based service offerings and driving business development initiatives.
• Effective in building practice eminence and shaping client expectations through advisory thought leadership.

Personal Attributes:

• Strategic and visionary leader with strong execution focus.
• Excellent communication, analytical, and interpersonal skills with the ability to engage and influence executives.
• Self-motivated, detail-oriented, and resilient under pressure.
• Adept at managing multiple large-scale programs simultaneously.
• Inspires trust, collaboration, and excellence within cross-functional teams.