Source Job

$180,000–$210,000/yr
Unlimited PTO

  • Serve as the strategic lead for all DoD compliance initiatives.
  • Lead and scale a dedicated compliance function.
  • Establish the "gold standard" for our internal compliance roadmap.

Governance

20 jobs similar to Head of Compliance

Jobs ranked by similarity.

$123,250–$207,000/yr
US

  • Own and lead the FedRAMP High authorization program.
  • Serve as the primary point of accountability for government compliance programs.
  • Manage compliance roadmaps, milestones, dependencies, risks, and remediation efforts.

Commvault is the gold standard in cyber resilience. The company empowers customers to uncover, take action, and rapidly recover from cyberattacks – keeping data safe and businesses resilient. For over 25 years, more than 100,000 organizations and a vast partner ecosystem have relied on Commvault to reduce risks, improve governance, and do more with data.

  • Own the DoW product strategy and execution roadmap, ensuring alignment with customer needs, mission requirements, and market demands.

RegScale is a cyber GRC platform designed to enable the CISO to track and monitor security controls. They help organizations break out of the slow and expensive realities that plague legacy GRC tools by bridging security, risk, and compliance through controls lifecycle management.

US

  • Support the development, implementation, and maintenance of IT compliance policies, standards, procedures, and controls.
  • Coordinate and support internal and external audits, including preparation of documentation, evidence collection, and remediation tracking.
  • Perform periodic compliance assessments, gap analyses, and risk assessments against applicable frameworks and standards.

Xcelerate Solutions, founded in 2009 and located in McLean, VA, is a fast-growing company. The company is defined by a diversified workforce of dynamic and versatile professionals, with growth and development opportunities that contribute to individual and firm growth.

US Unlimited PTO

  • Lead SOC 2 and ISO programs through the full audit lifecycle.
  • Build integrations that continuously gather compliance evidence from AWS, GitHub, identity providers, and internal systems.
  • Evaluate and monitor third-party vendors for security and compliance risk.

Fieldguide is establishing a new state of trust for global commerce and capital markets through automating and streamlining the work of assurance and audit practitioners. The company is based in San Francisco, CA, and built as a remote-first company with a team that is inclusive, driven, humble and supportive.

Europe

  • Own the DoW product strategy and execution roadmap.
  • Ensure the platform aligns with compliance management under the Risk Management Framework (RMF).
  • Translate customer and mission needs into clear product requirements.

Jobgether uses an AI-powered matching process to ensure your application is reviewed quickly, objectively, and fairly against the role's core requirements. Their system identifies the top-fitting candidates, and this shortlist is then shared directly with the hiring company.

  • Track program financials, budgets, and funding streams, ensuring alignment with DoD financial planning cycles and interagency funding sources.

Founded in 1989, SOSi is among the largest private, founder-owned technology and services integrators in the defense and government services industry. They deliver tailored solutions, tested leadership, and trusted results to enable national security missions worldwide.

$162,000–$230,000/yr
US

  • Own and operate compliance programs such as SOC 2, ISO 27001, ISO 27701, HIPAA, and TISAX.
  • Lead and manage internal, external, and customer audits end-to-end.
  • Track, remediate, and validate 100% of audit findings within agreed SLAs.

Airtable is the no-code app platform that empowers people closest to the work to accelerate their most critical business processes. More than 500,000 organizations rely on Airtable to transform how work gets done and they strive to create a workplace where everyone has an equal opportunity to thrive.

$147,800–$164,000/yr
US 12w maternity 11w paternity

  • Own and lead enterprise-level compliance programs.
  • Define and mature ISO 27001 and ISO 42001 control environments and SOX 404 ITGCs.
  • Act as a subject matter expert and internal consultant for various teams.

Spring Health aims to eliminate mental health barriers with its clinically validated technology, Precision Mental Healthcare. They partner with over 450 companies, providing care for 10 million people and are valued at $3.3 billion.

US

  • Analyze existing legal security commitments and compare them against actual product security practices.
  • Conduct interviews with legal, security, and product stakeholders to document current security posture.
  • Draft and propose updates to security-related contract language, including security exhibits.

ItD is a consulting and software development company blending diversity, innovation, and integrity with real business results. It rejects strong hierarchy, empowering employees to deliver excellent results and be dynamic self-starters.

US

  • Develop and refine performance methodologies that support the cybersecurity requirements.
  • Oversee independent assessments and review Security Impact Analyses (SIA).
  • Incorporate compliance data into the Governance, Risk, and Compliance Tool (GRCT).

SkyePoint Decisions is a leading Cybersecurity Architecture and Engineering, Critical Infrastructure and Operations, and Applications Development and Maintenance IT service provider. It is an established ISO 9001:2015 and ISO/IEC 27001:2013 certified small business and appraised at CMMI Level 3 for Services and Development.

North America Canada

  • Lead the technical design, implementation, and ongoing security operations of a Microsoft 365 GCC High environment supporting Controlled Unclassified Information (CUI).
  • Implement and evidence compliance with CMMC Level 2, DFARS 252.204-7012, and NIST SP 800-171 controls.
  • Act as the technical owner of the GCC High enclave, partnering with Security, Legal, and IT to ensure audit readiness and successful certification by May 2026.

ServiceNow, founded in 2004, is a global market leader providing AI-enhanced technology to over 8,100 customers, including 85% of the Fortune 500. They offer an intelligent cloud-based platform that connects people, systems, and processes to empower organizations to find smarter, faster, and better ways to work.

US

  • Develop and lead the enterprise compliance strategy aligned with institutional growth plans and regulatory expectations.
  • Oversee preparation and submission of substantive change applications and institutional reporting requirements.
  • Establish enterprise compliance training framework for corporate and campus leaders.

Cotulla Education transforms lives through hands-on, career-focused education. They empower students to achieve their professional dreams in high-demand fields. With experienced faculty providing personalized support, their graduates emerge as future leaders ready to make a significant impact.

Global Unlimited PTO

  • Embed privacy-by-design principles into Docker products, services, and internal platforms.
  • Partner closely with Docker engineering and product teams to integrate privacy requirements into architecture decisions, SDLC processes, and CI/CD pipelines.
  • Design, develop, and maintain automated GRC and privacy workflows to support compliance monitoring, control testing, DPIAs, risk assessments, reporting, and audit readiness.

Docker makes app development easier so developers can focus on what matters. Their remote-first team spans the globe and they are passionate about innovation and great developer experiences. With over 20 million monthly users and 20 billion image pulls, Docker is a trusted tool for building, sharing, and running apps.

US

  • Ensure accuracy and consistency with compliance mandates and supporting documentation standards.
  • Develop and present data visualization solutions using Power BI and Power Automate for senior leadership.
  • Ensure that documentation, policy guidance, and reporting comply with federal standards (e.g., NIST, DHS, and OCIO) and support the ATO, SSA, and OSA processes.

SkyePoint Decisions is a Cybersecurity Architecture and Engineering, Critical Infrastructure and Operations, and Applications Development and Maintenance IT service provider. They focus on enabling their clients to deliver their mission most efficiently and effectively. They are an established ISO 9001:2015 and ISO/IEC 27001:2013 certified small business and appraised at CMMI Level 3 for Services and Development with a collaborative team culture built upon individual performance and accountability.

Canada US Europe

  • Lead current ISO 27001, SOC 2, and PCI compliance initiatives.
  • Spearhead initiatives to identify and improve security risks.
  • Conduct Risk Assessments within customer systems.

Canadian Bank Note Company (CBN) is a leader and trusted provider of secure document and adjacent enterprise-level system solutions across various domains. They seek long-term relationships with their employees and offer a competitive compensation package, including health, medical, life insurance benefits, and a defined contribution pension plan with company matching.

US

  • Lead the end-to-end Certification & Authorization (C&A) process for information systems.
  • Maintain and update System Security Plans (SSPs), POA&Ms, and other FedRAMP/GovRAMP/NIST documentation artifacts.
  • Oversee control gap analysis and drive remediation efforts across technical and administrative domains.

EBSCO Information Services (EBSCO) delivers a fully optimized research experience, seamlessly integrated with a powerful discovery platform to support the information needs of our end-users. Headquartered in Ipswich, MA, EBSCO employs more than 2,700 people worldwide, with most embracing hybrid or remote work models.

4w paternity

  • Oversee third-party and internal risk assessments to support enterprise information security and governance, risk, and compliance (GRC) initiatives.
  • Manage vendor due diligence, maintain an accurate risk register, and partner with internal stakeholders on mitigation strategies.
  • Drive continuous improvement of the risk and compliance framework.

Concorde Career Colleges is committed to a policy of Equal Employment Opportunity and will not discriminate against an applicant or employee based on race, color, religion, religious creed, national origin, ancestry, sex, age, veteran or military status, or any other legally protected characteristic. Concorde Career Colleges offer short career-focused programs preparing students for the healthcare industry.

$100,000–$150,000/yr
Americas Ireland Netherlands Unlimited PTO

  • Own design for security policy and compliance experiences.
  • Translate technical complexity into clear experiences.
  • Partner cross-functionally to shape priorities, scope MVCs, and ensure design quality.

GitLab is the intelligent orchestration platform for DevSecOps. They enable organizations to increase developer productivity, improve operational efficiency, reduce security and compliance risk, and accelerate digital transformation. With over 50 million registered users and a high-performance culture, GitLab values innovation and continuous knowledge exchange.

$125,000–$200,000/yr
Americas Ireland Netherlands Unlimited PTO

  • Lead design for complex security workflows across the software supply chain.
  • Partner with subject matter experts to transform technical complexity into accessible, value-focused experiences.
  • Coordinate across multiple security product groups to align on cohesive experiences.

GitLab is an open-core software company that develops the most comprehensive AI-powered DevSecOps Platform, used by more than 100,000 organizations. Its mission is to enable everyone to contribute to and co-create the software that powers our world.

Canada

  • You will review, challenge, and strengthen our systems, act as the security authority within engineering, define guardrails, and drive remediation when risks arise.
  • Operating independently, you’ll build the structure and standards needed as we scale.
  • Your mission is to own the company-wide security strategy and architecture, ensure CIRO and SOC 2 alignment, and embed strong security practices across infrastructure, applications, and internal systems, while enabling engineering velocity.

Newton is changing how Canadians trade crypto, with the goal to make financial freedom something everyone can achieve by giving customers the tools and knowledge they need to navigate the crypto world. At Newton, you'll work with a remote team spread across Canada.