Lead the end-to-end Certification & Authorization (C&A) process for information systems.
Maintain and update System Security Plans (SSPs), POA&Ms, and other FedRAMP/GovRAMP/NIST documentation artifacts.
Oversee control gap analysis and drive remediation efforts across technical and administrative domains.
EBSCO Information Services (EBSCO) delivers a fully optimized research experience, seamlessly integrated with a powerful discovery platform to support the information needs of our end-users. Headquartered in Ipswich, MA, EBSCO employs more than 2,700 people worldwide, with most embracing hybrid or remote work models.
Assess and improve client security and IT controls.
Develop policies, processes, and risk assessments aligned to top frameworks like NIST, ISO 27001, and SOC 2.
Translate technical and regulatory requirements into clear, actionable steps for our clients.
Hotman Group is a rapidly growing boutique firm redefining cybersecurity and GRC. They help business leaders earn and keep customer trust through expert guidance and a commitment to quality, fostering a collaborative environment where every voice matters.
Perform internal audits and vulnerability testing, ensuring security controls are monitored.
Lead security architecture governance for internal IT and projects, using Unified Architecture Framework.
Maintain compliance with security requirements and develop roadmaps to address evolving threats.
Jobgether is a platform connecting job seekers with companies. It uses AI-powered matching to ensure applications are reviewed quickly and fairly, identifying top candidates for employers.
Work with private equity and portfolio company clients, consulting on how to apply an information security vision and strategy in alignment with customer business objectives.
Work with customers to assess and address information security risks.
Assist in managing customer security programs including the achievement and/or maintenance of key compliance initiatives such as SOC, ISO27001, NIST, PCI, and SOX.
Crosslake supports changemakers and helps them buy, build, and run better technology. They believe in a programmatic, proactive approach to actively manage technology throughout the investment lifecycle.
You will review, challenge, and strengthen our systems, act as the security authority within engineering, define guardrails, and drive remediation when risks arise.
Operating independently, you’ll build the structure and standards needed as we scale.
Your mission is to own the company wide security strategy and architecture, ensure CIRO and SOC 2 alignment, and embed strong security practices across infrastructure, applications, and internal systems, while enabling engineering velocity.
Newton is changing how Canadians trade crypto, with the goal to make financial freedom something everyone can achieve by giving customers the tools and knowledge they need to navigate the crypto world. At Newton, you'll work with a remote team spread across Canada.
Support the ISSO with information system security activities.
Perform Assessment and Authorization efforts under the Risk Management Framework.
Develop and maintain RMF documentation and coordinate vulnerability remediation.
GovCIO transforms government IT with innovative services and solutions. They foster a collaborative, team-oriented culture where employees' talents drive success.
Provide consistent and qualified responses to tenders and assurance questionnaires from customers.
Produce and maintain security assurance documentation required for accreditation.
Ensure compliance with relevant security standards, service management procedures, regulations, and industry best practices.
NEC Software Solutions is part of global tech giant NEC Corporation and has over 3,000 employees. They provide software to dispatch ambulances, support families, keep trains on the move, locate missing people and even test the hearing of newborn babies, working with governments, hospitals, police forces, housing providers, local authorities and more.
MicroTech is an award-winning Service-Disabled Veteran-Owned Small Business (SDVOSB) that provides information technology and communications solutions. They focus on providing cutting-edge solutions with the customer at the forefront, solving complex business challenges to increase productivity and decrease costs.
Collaborate with business leadership, Legal, Procurement, and Cyber to review terms and conditions.
Track status of risk remediations in the risk register with business stakeholders.
Contribute to overall program enhancements and drive automation with various IT and Cybersecurity stakeholders.
NBCUniversal is a leading global media and entertainment company creating content across film, television, and streaming. They operate theme parks and own brands like NBC, Telemundo, and Universal Pictures. The company values improving communities and promotes an inclusive culture to reflect the diversity of the world.
Lead development of security strategy aligned to client business goals.
Guide risk management practices including risk registers and threat modeling.
Provide executive-level oversight of regulatory compliance programs.
Jobgether uses an AI-powered matching process to ensure applications are reviewed fairly. Their system identifies the top-fitting candidates and shares this shortlist with the hiring company.
Own day-to-day execution of SOC 1, SOC 2, PCI DSS, and ISO 27001 readiness and audit cycles.
Develop and maintain policies, procedures, risk assessments, control narratives, and supporting documentation.
Facilitate risk assessments for systems, vendors, products, and business initiatives.
Astra is building mission-critical infrastructure for moving money at scale. Their platform processes billions in annual transaction volume with 99.9%+ uptime, powering real-time transfers, bank debits, card disbursements, and complex financial compliance systems.
Assist in the preparation and execution of third-party audits and assessments.
Support the development and maintenance of Eltropy’s GRC program.
Conduct and manage vendor security assessments, maintain risk tracking, and ensure third-party compliance.
Eltropy is a FinTech company aiming to transform financial service access. They provide an AI-enabled digital conversations platform for community financial institutions to enhance operations, engagement, and productivity.
Conduct day-to-day risk ticket analysis and lead in-depth assessments of product launches and infrastructure changes.
Further operationalize and mature the One Twilio Risk Management framework leveraging risk management frameworks.
Build and optimize automated workflows that bridge the gap between compliance requirements and engineering productivity.
Twilio is shaping the future of communications, delivering innovative solutions to hundreds of thousands of businesses and empowering millions of developers worldwide. They have a strong culture of connection and global inclusion and are dedicated to remote-first work.
Lead current ISO 27001, SOC 2, and PCI compliance initiatives.
Spearhead initiatives to identify and improve security risks.
Conduct Risk Assessments within customer systems.
Canadian Bank Note Company (CBN) is a leader and trusted provider of secure document and adjacent enterprise-level system solutions across various domains. They seek long-term relationships with their employees and offer a competitive compensation package, including health, medical, life insurance benefits, and a defined contribution pension plan with company matching.
Lead the configuration and management of GRC tools to ensure integration with security systems.
Manage the main dashboard for SOC 2 reporting, ensuring accuracy and compliance.
Develop and maintain a comprehensive risk management program and conduct risk assessments.
Engine is transforming business travel into something personalized, rewarding, and simple. They have over 20,000 companies relying on Engine to support over 1 million travelers and billions in annual bookings each year and have been recognized as one of the fastest-growing travel and fintech platforms in North America.
Lead security governance, risk management, and compliance efforts.
Oversee security operations and incident response.
Partner with IT, Clinical Operations, Privacy, and Compliance to ensure regulatory requirements and industry frameworks.
Tuesday Health is a value-based palliative care provider group dedicated to transforming serious illness and end-of-life care. Through their leading-edge care model, Tuesday Health is shaping the future of community-based palliative care nationwide.
Maintain virtual servers and networking equipment.
Administrate, configure the Microsoft 365 Admin center to comply with CMMC and DFARS.
Maintain compliance with CMMC and DFARS
Allegheny Science & Technology (AST) is a company that provides technology and engineering solutions. They value expertise and offer career-building opportunities.
Serve as a security point of contact for external customers deploying into regulated cloud environments.
Implement and operate security controls required for FedRAMP Moderate/High, aligned to NIST SP 800-53.
Implement security and compliance gates in CI/CD pipelines to prevent non-compliant infrastructure or code from reaching production.
Knox runs the largest Federal managed cloud, building and operating secure cloud and AI environments that support the U.S. government’s most critical missions. Their work is high-impact and purpose-driven, expecting speed, rigor, and trust.
Serve as the primary vCISO and subject matter expert for multiple clients.
Lead data-centric cybersecurity programs aligned to business risk.
Manage, mentor, and develop vCISO team members.
Coretelligent partners with growing, highly regulated organizations that need secure, dependable IT environments built to scale. They deliver managed IT, cybersecurity, cloud, and strategy, through a model designed for consistency, transparency, and trust. They are building a team of professionals who care deeply about quality, ownership, and continuous improvement.