Source Job

Global

  • Develop, maintain, and continuously improve GRC policies, standards, procedures, and control frameworks.
  • Lead and support SOC 2 Type II, ISO 27001, PCI DSS and other compliance initiatives, including evidence collection, control validation, and remediation tracking.
  • Partner with Security and Platform teams to ensure controls are technically implemented, not just documented.

GRC Risk Management Compliance Stakeholder Communication

20 jobs similar to Security Engineer

Jobs ranked by similarity.

US Unlimited PTO

  • Support security and compliance programs aligned with frameworks such as NIST, ISO, PCI DSS, and HIPAA.
  • Assist in maintaining alignment with global privacy regulations (GDPR, CCPA, and similar frameworks).
  • Assist in the development, implementation, and maintenance of security, privacy, and AI governance policies, standards, and procedures.

Hims & Hers is a health and wellness platform with a mission to help the world feel great through the power of better health. They are redefining healthcare by putting the customer first and delivering access to care that is affordable, accessible, and personal.

US

  • Apply compliance frameworks to assess, design, and implement security controls.
  • Conduct compliance gap assessments and develop remediation plans.
  • Create and maintain key documentation tailored to client needs.

AHEAD builds platforms for digital business by weaving together advances in cloud infrastructure, automation and analytics, and software delivery. They prioritize creating a culture of belonging where all perspectives and voices are represented, valued, respected, and heard.

  • Safeguard assets and global reputation, acting as a strategic partner.
  • Lead risk mitigation strategies and ensure compliance with global standards.
  • Develop a world-class GRC program that aligns with strategic goals.

EcoVadis is the leading provider of business sustainability ratings. Our solutions are backed by an international team of experts and powerful technology. They analyze data and build sustainability scorecards that give companies actionable insights into their environmental, social and ethical risks.

North America 5w PTO

  • Enhances the strategic pillars of a security compliance program and facilitates day-to-day compliance operations.
  • Involved in multiple areas of the business where compliance and security impact operations.
  • Works on assignments that are complex and require professional skepticism, judgment, initiative, and knowledge of SaaS Company positions.

Optro is the leading audit, risk, ESG, and InfoSec platform on the market, surpassing $300M ARR and continuing to grow. More than 50% of the Fortune 500 leverage their award-winning technology. They inspire each other to innovate and are proud of what they are producing.

$83,430–$109,232/yr
US Unlimited PTO

  • Implement and manage the NIST Risk Management Framework (RMF) to achieve and maintain compliance.
  • Drive the data privacy program by conducting Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs).
  • Design and execute a continuous internal audit program to validate the effectiveness of controls.

IonQ delivers solutions to solve the world’s most complex problems with quantum computing. IonQ's newest generation quantum computers, IonQ Tempo and IonQ Forte Enterprise, help customers and partners such as Amazon Web Services, AstraZeneca, and NVIDIA achieve 20x performance results.

Canada 6w PTO

  • Support the execution and continuous improvement of Qohash’s security program.
  • Support risk assessments, track identified risks, and help coordinate remediation efforts.
  • Maintain security policies, standards, awareness materials, and support internal security training initiatives.

Qohash is building a foundational pillar of Canada’s digital sovereignty, believing security must scale differently. They look for bold, mission-driven individuals with technical depth and strategic clarity who collaborate across disciplines to protect sensitive data.

$100,000–$120,000/yr
US Unlimited PTO

  • Conduct ongoing risk reviews and maintain an up-to-date risk register.
  • Support risk assessments across critical business processes and systems.
  • Partner with stakeholders to develop and track risk mitigation plans through resolution.

Radicle Health offers human services software products to foster collaboration and innovation, aiding organizations in better serving communities. They believe technology is crucial for the human services sector's success, housing mission-driven products that support organizations in delivering essential services.

US

  • Owns and manages the organization’s enterprise certification frameworks.
  • Develop and maintain policies and procedures supporting certification frameworks.
  • Support proposal teams by validating and documenting certification compliance.

Lynker Corporation is a leading provider of innovative solutions in weather and climate science. They leverage cutting-edge technologies and scientific expertise to support improved operational weather forecasts. Lynker is a growing, employee-owned business specializing in professional, scientific, and technical services with a team-oriented work environment.

Europe

  • Own our security and compliance documentation, keeping it accurate and up to date.
  • Support our commercial teams in complex information security and compliance negotiations.
  • Take ownership of maintaining our current ISO 27001 compliance and certification.

Gearset is trusted by some of the largest companies in the world to handle their Salesforce DevOps. They are committed to protecting data through a modern approach to security and compliance.

$200,000–$260,000/yr
US

  • Lead the ongoing maintenance and operation of secure cloud infrastructures, focusing on AWS and cloud-native technologies.
  • Secure applications built for cloud environments by automating security assessments, monitoring runtime environments, and integrating security practices into the development lifecycle.
  • Implement robust security controls for cloud workloads and data, including containers, virtual machines, and serverless architectures.

Ro is a direct-to-patient healthcare company with a mission of helping patients achieve their health goals by delivering the easiest, most effective care possible. Ro is the only company to offer nationwide telehealth, labs, and pharmacy services and is recognized as a top workplace, earning more than 20 honors since 2021.

Global

  • Accelerate Onebrief’s execution of GRC programs supporting NIST RMF, FedRAMP High, CMMC, and SOC2 authorizations
  • Develop and manage integrated project plans for control implementation, remediation, and continuous monitoring
  • Coordinate cross-functional teams (Infrastructure, Engineering, Product) to ensure timely delivery of compliance requirements

Onebrief provides collaboration and AI-powered workflow software designed specifically for military staffs, aiming to make them faster, smarter, and more efficient. Valued at $2.15B, the company has raised $320m+ from top-tier investors and operates as an all-remote company.

$77,581–$94,500/yr
US

  • Apply the Risk Management Framework (RMF) to support system authorization activities.
  • Develop and maintain RMF artifacts and coordinate with stakeholders to ensure systems meet security compliance requirements.
  • Support the design, implementation, and maintenance of secure cloud architectures.

EXPANSIA delivers high-impact technologies, technology-enabled services and advanced manufacturing solutions to the U.S. Department of Defense and related national security customers. They operate as a multi-entity aerospace and defense technology and tech-enabled services and manufacturing enterprise positioned for scalable growth, operational excellence, and long-term value creation.

India

  • Own end-to-end compliance strategy and operations.
  • Conduct risk assessments and identify compliance risks.
  • Build compliance programs from ground up and coordinate compliance audits.

Sprinto is an AI-native GRC platform that helps organizations manage risks, audits, vendor oversight, and continuous monitoring from a single connected platform. With a team of 350+ employees serving 3,000+ customers across 75+ countries, Sprinto combines scale with expertise to deliver trust and compliance.

US

  • Support the design, implementation, and maintenance of secure cloud architectures in accordance with program and security requirements.
  • Conduct risk and vulnerability assessments and assist with developing mitigation strategies.
  • Implement and maintain security configurations to ensure the confidentiality, integrity, and availability of systems.

EXPANSIA, along with JHNA and CTSi, forms a Defense Technology platform delivering high-impact technologies to the U.S. Department of Defense and related national security customers. They operate as a multi-entity aerospace and defense technology and tech-enabled services and manufacturing enterprise positioned for scalable growth and operational excellence.

$140,000–$160,000/yr
US

  • Design and maintain secure architectures across AWS, Azure, and GCP environments.
  • Collaborate with DevOps and Engineering to integrate security into CI/CD pipelines.
  • Monitor alerts, investigate incidents, and coordinate responses with the SOC.

Reveleer provides a cloud-based healthcare SaaS platform. They are an equal opportunity employer that values diversity and does not discriminate based on race, religion, or other protected characteristics.

Global 5w PTO

  • Helping define the security operations roadmap by designing and implementing long-term strategies
  • Improve and maintain processes, tooling, documentation and training to mature and enhance cybersecurity incident response
  • Design, implement and maintain security event monitoring systems

Docplanner empowers patients by letting them leave and read reviews about their visits, and provides doctors with the technology to manage bookings easily and save time. They are leaders in 13 countries with over 2,500 employees globally, maintaining a startup mindset.

$163,121–$203,901/yr
US 4w PTO

  • Secure cloud-based environments by designing and implementing native security solutions using services.
  • Drive Continuous RMF practices, automating control implementation and reporting through modern methodologies like Continuous Authorization to Operate.
  • Automate provisioning and configuration of IT environments and implement and manage security measures like firewalls, IDS/IPS, vulnerability scanning, encryption, and ICAM solutions.

Rise8 builds custom, secure software for government organizations, measuring success by impact: lives saved, time returned, and missions advanced. They believe customer experience starts with employee experience, so they take care of their employees and offer competitive pay and benefits, autonomy, growth, and a culture rooted in kindness, candor, and continuous learning.

US

  • Serves as the premier cybersecurity authority within the TALON program.
  • Provides strategic advisory services to TSA’s IT leadership on cybersecurity risk management, security architecture, and compliance program maturity.
  • Serves as the senior cybersecurity advisor, providing real-time technical guidance to TSA stakeholders and the O&M contractor in support of rapid issue resolution.

DMI is a leading provider of digital services and technology solutions, headquartered in Tysons Corner, VA. They focus on end-to-end managed IT services, including managed mobility, cloud, cybersecurity, network operations, and application development, supporting public sector agencies and commercial enterprises around the globe.

$190,000–$230,000/yr
US Unlimited PTO 14w maternity

  • Own CMMC 2.0 and SOC 2 end-to-end, including control design and implementation.
  • Lead all IT functions supporting corporate and program needs, owning IT architecture and tooling decisions.
  • Provide guidance and escalation support for IT hardware/software issues; mentor IT Support Specialist & Cloud Infrastructure Engineer.

DEFCON AI leverages artificial intelligence, mathematical optimization, data analytics, and software engineering for resilient optimization of complex systems. They align outcomes with operational goals, better decision making, and empower customers to anticipate, assess, and mitigate the impacts of disruptions.

$80,000–$120,000/yr
US

  • Execute end-to-end third-party and vendor risk assessments.
  • Develop, maintain, and enhance risk metrics, dashboards, and reporting.
  • Assist with additional GRC activities as needed, including policy management, risk assessments, control testing, and compliance initiatives

Aprio is a Top 20 CPA and advisory firm that accounts for anything. With over 3,200 team members and 40 U.S. office locations, plus international offices, they bring proven expertise and strategic foresight to fast-growing industries.