Really great suggestions here. I would add a few tips I use when working with larger clients that may or may not apply:
Instead of trying to manage client company permissions within a project by splitting them up as members and guests, I’d set them all up as guests, and create 2 separate client projects. One as the “working project” which is open to all members of the client’s company needing access to the project (where all the tactical work gets done), and a 2nd project set up as a “management project” which you can use for more sensitive info such as legal docs, financial transactions, etc.
As @James_Carl suggested, I would definitely color code each project so you can quickly separate and visualize which projects have client visibility, which ones have management visibility, and which ones are private to your company. This goes a long way in preventing mistakes, like posting confidential info in the wrong project.
If you decide to use multiple projects for each client, for example manager and working projects for both your company and the client company (which would be 4 projects/client) it’s helpful to create some sort of standardized labeling for project names. (in addition to the color coding) so everyone can easily tell them apart.
Hope this helps.