Managing Director, Strategic Advisory Services

San Jose, California

AppSec Consulting has an immediate opportunity for a Managing Director to lead our Strategic Advisory Services team. This is a critical practice leadership role at AppSec Consulting. In this role you will be responsible for familiarizing yourself with all current service offerings, key clients and their needs, existing tools, and staff capabilities. From that point you will be expected to play a key role in developing a strategic roadmap and execution plan that will take the team forward to achieve organizational goals and objectives.

Current team service offerings include: PCI DSS Assessment and Validation (both a PCI QSA and ASV company in good standing), ISO 27001 Readiness, SOC 1/2 Audit Readiness, GDPR, HIPAA, NIST CSF, Security Program Development, and IT Risk Assessment (using leading frameworks and methods). 

Primary Job Duties

  • Manage a Security Consulting Practice responsible for delivering a variety of Information Security, Data Privacy and Compliance (GRC) solutions that allow clients to achieve organizational goals and objectives and to comply with leading industry and regulatory requirements.
    • Responsible for improving and maintaining team business strategy.
    • Develop, improve, and maintain job objectives for all team staff.
    • Ensure your team has well-defined and repeatable business processes.
    • Maintain a rigorous hiring process to ensure hiring of best fit candidates.
    • Provide mentoring to staff as needed.
    • Perform probationary and annual performance reviews. 
    • Demonstrate initiative, integrity and other leadership traits.
    • Make continuous improvements to our consulting methodologies and reporting templates.
    • Work with staff to ensure training plans align with team and company goals.
  • Work closely with your team Project Manager to ensure effective and consistent use of staff for all team engagements and to make sure work is started and completed on time.
  • Lead sales and scoping meetings and draft Statements of Work for information security, data privacy and GRC solutions. This will involve responding to inbound opportunities, referral prospects and outbound sales.
  • Follow up with customers on pending deals and reach out to existing customers to see if they require more of our services.
  • Spread the word about new career opportunities on your team as demand for your team’s services grows and then interview, hire, and onboard new Security Consultants.
  • Interview and onboard trusted contractors who can assist with projects at times when your in-house team is fully booked.
  • Ensure that a QA review is performed on all deliverables before turning them in to customers. 
  • Train at least one member of your team to perform your primary job duties when you are out of office so that you can enjoy your time off while keeping customers happy.

Occasional Job Duties

  • Participate in the review and improvement of company’s business strategy.
  • Manage and develop strategic partnerships with other industry-leading organizations (for example, ISO 27001 Registrars, CPA Firms, MSPs, Systems Integrators, Industry Associations, etc.).
  • Present at conferences to help raise awareness about AppSec Consulting and our Strategic Advisory Services.
  • Assist with marketing initiatives, such as conference vendor expos, website improvements, blogging, improving sample deliverables, etc.

Work Location

AppSec Consulting is headquartered in San Jose, California. It is highly preferable to have a Bay Area-based individual in this role. 

Technical Skills (possess several of the requirements below)

  • At least ten years of information security experience. 
  • At least five years of IT/InfoSec operations experience.
  • At least three years of data privacy experience (CIPP preferred).  
  • At least five years of payment security experience (PCI QSA or PCI ISA preferred).
    • Participated in writing or QA’ing at least 5 RoCs.
    • Performed a minimum of 10 PCI Gap Assessments.
  • At least five years of ISO 27001 experience (Audit and/or Implementation).
    • ISO 27001 Lead Implementer (preferred).
    • ISO 27001 Lead Auditor (preferred).
  • Working knowledge of SOC 1, SOC 2, HIPAA and HITRUST.
  • Strong technical skills and familiarity with common security technologies.
  • One or more SANS certifications.

Management Skills

  • 5 years of previous management experience in a highly productive professional services / consulting firm.
  • Capable of managing a staff of 10 employees.
  • Capable of achieving 25% growth.  

Soft Skills

  • Strong customer focus. The goal should be to make customers happy enough that they ask for your employees to do more work for them.
  • Strong written and verbal communication skills.
  • Desire to learn new things and be a participant in the information security and data privacy communities.
  • Desire to be an enthusiastic evangelist/ambassador as we grow our brand and market reach.
  • Good organizational skills.
  • Honesty and integrity.
  • Enthusiastic, responsible, proactive, and dependable team leader and contributor.
  • A strong understanding of business development is a plus; this is a key leadership role with a lot of opportunity for the right candidate to take ownership of an existing practice and grow it with AppSec Consulting’s resources and excellent reputation fully behind them.

Other Requirements

  • Willingness to travel when necessary.
  • Flexibility to work odd hours at times. For the most part, this is a job that can be performed during normal business hours, but you’ll be working with employees and customers in many different time zones and will sometimes need to handle high-priority tasks during non-business hours.
  • If offered the position, you must undergo a criminal background check and drug testing.

Job Benefits

  • Competitive salary including performance incentives based on team performance, utilization and operational effectiveness.
  • Company sponsored 401K with employer match.
  • Company sponsored medical and dental insurance.
  • Company sponsored training programs.
  • Company sponsored industry certifications necessary for your position.
  • Opportunity to work in a fun, collaborative atmosphere with some of the best information security, data privacy and GRC experts in the industry.
  • Strong focus on work/life balance.

If you think you’re the right person for this challenging and fun career opportunity, please send your resume to