vCISO – GRC Advisor (Private Equity & Carveout Focus)

Posted 7 Days Ago
Chicago, IL
Senior level
Information Technology
The Role
The vCISO - GRC Advisor will assess and enhance governance, risk, and compliance for private equity carveouts or mergers and acquisitions. Responsibilities include conducting GRC assessments, developing strategic roadmaps, providing compliance advisory, and reporting risk findings to stakeholders.
Summary Generated by Built In

About us: RKON is an ISO27001 and AICPA SOC 2 Type II certified company that specializes in providing IT migration and transformation services for the Mergers and Acquisitions market. RKON was recently recognized as one of the 100 best places to work in IT, highlighting our competitive advantage of empowering thought leaders and providing cutting-edge solutions for the fast-paced industry of private equity. RKON is looking for ambitious professionals to join our award-winning team. We have a proven track record for finding and developing top talent with people that believe they can achieve something greater. We also pride ourselves on fostering an environment where initiative, creative thinking, and collaboration are encouraged and rewarded—a key reason for the extraordinary level of service we deliver to our customers.
RKON does not accept unsolicited resumes from staffing agencies, search firms or any third parties.
About the position: The vCISO – GRC Advisor (Private Equity & Carveout Focus) will play a critical advisory role in assessing and enhancing governance, risk, and compliance (GRC) for entities undergoing private equity carveouts or mergers and acquisitions (M&A). The advisor will be responsible for evaluating the target or newly independent entity’s security posture, identifying GRC gaps, and assisting with the development of tailored roadmaps to address key risks and compliance needs. This role requires a strategic thinker who understands the fast-paced environment of PE-backed entities and can provide actionable recommendations without being directly involved in technical implementation.
Key Responsibilities Include:

  • GRC Assessment & Gap Analysis: Conduct comprehensive GRC assessments, including the evaluation of existing policies, procedures, controls, and regulatory requirements (e.g., ISO 27001, NIST CSF, SOC 2).
    • Identify areas of risk, regulatory gaps, and weaknesses in security governance.
    • Evaluate third-party vendor risks and interdependencies in newly structured entities.
  • Roadmap Development: Develop strategic GRC roadmaps that align with the organization’s business goals and private equity timelines.
    • Prioritize recommendations to address short-term risks and long-term security objectives.
    • Provide actionable steps to help organizations meet key regulatory or compliance milestones.
  • Regulatory and Compliance Advisory: Provide expert guidance on compliance frameworks, including NIST, ISO 27001, SOC 2, and emerging privacy regulations.
    • Ensure that recommendations reflect PE-backed entities’ scalability needs.
    • Support compliance initiatives with documentation, reporting, and audit preparation.
  • Board and Stakeholder Reporting: Collaborate with executive leadership, private equity sponsors, and other key stakeholders to communicate risk findings and mitigation plans effectively.
    • Prepare executive-level reports summarizing key risks, recommendations, and compliance progress.
  • M&A Transition Support: Advise on the security implications of post-merger integration, carveout transitions, or divestitures.
    • Identify transitional risks (e.g., access management, data segregation) and provide practical guidance to mitigate them.
    • Support operational resilience and business continuity during transitions.
  • Third-Party and Vendor Risk: Assess the security posture of critical vendors and service providers, ensuring proper risk management during onboarding and throughout the engagement lifecycle.
  • Policy and Framework Development: Assist clients in developing or updating GRC frameworks, policies, and procedures to reflect their newly independent operating model.


Required Technical and Professional Expertise

  • 5+ years of experience in GRC, information security, or internal audit roles with a focus on risk assessment and compliance.
  • Familiarity with private equity environments, carveouts, or M&A-related GRC challenges.
  • Strong knowledge of compliance regulations such as ISO 27001, NIST CSF, SOC 2, and emerging privacy laws (e.g., GDPR, CCPA).
  • Proven ability to develop GRC roadmaps and work with cross-functional teams to prioritize and implement recommendations.
  • Strong business acumen and the ability to communicate technical risks in business terms.
  • Experience engaging with executive leadership and providing board-level presentations.

Preferred Technical and Professional Expertise

  • Experience supporting PE-backed entities in M&A, carveouts, or other high-pressure transition environments.
  • Familiarity with third-party risk management and vendor assessment frameworks.
  • Industry-related certifications: CISSP, ISO 27001 Lead Auditor, CISA, CGRC (formerly CAP), or CDPSE.

Top Skills

ISO 27001
NIST CSF
SOC 2

The Company
HQ: Chicago, IL
123 Employees
On-site Workplace
Year Founded: 1998

What We Do

Since 1998, RKON has delivered IT Transformation, helping private equity and enterprise firms achieve Quiet IT from vision to execution. We believe IT should seamlessly serve the business strategy versus getting in the way of execution. Our team at RKON has developed a refined approach, through years of experience, that delivers a clear vision of a scalable, agile, secure, cost optimized and low risk end state. To achieve this end state, RKON provides IT solutions in three stages: first, an advisory practice that sends the strategy in the right direction; then an execution practice ensuring that vision is turned into reality; and finally a management practice that keeps the vision on track as IT evolves to serve the business.

Because of our record in providing best-in-class IT solutions and our staff of respected and extremely knowledgeable professionals, RKON has been recognized by Crain’s Fast Fifty, CRN Growth 150, Inc. 5000 and Inc. Magazine’s list of 500 fastest-growing private companies. RKON’s trusted advisors deliver strategic guidance, advanced technical knowledge and realistic assessments to give your organization the competitive advantage it requires in today’s environment of rapidly evolving technologies.

Here at RKON, we understand that our clients’ success starts with our organizational cohesion. Recognized by Computerworld as one of the 100 Best Places to Work in IT, RKON is focused on developing an organization that fosters creativity, innovation and cooperation across all levels. This approach plays an integral role in providing our clients the quality IT solutions they require. We encourage and reward an environment that promotes imagination, innovation and collaboration – where our intelligent IT solutions grow from the bright minds of the RKON team. Build your organization’s IT infrastructure with RKON and realize the unrestricted possibilities of Quiet IT.
