$110,000–$176,000/yr
US

  • Leverage industry and technical expertise to assist in identifying risks and controls for clients' businesses.
  • Manage client engagements, including planning, delivery, staffing, relationships, quality, and staff development.
  • Perform a variety of assurance services, including SOC 1, SOC 2, SOC 3, HIPAA, and HITRUST, and coordinate with other frameworks like ISO 27001.

Project Management, Risk Management, Client Relations

20 jobs similar to Manager, Information Assurance Services

Jobs ranked by similarity.

Turkey

  • Drive the implementation and continuous improvement of the ISO 27001 Information Security Management System.
  • Support SOC 2 Type II compliance efforts, including control implementation and evidence collection.
  • Own and evolve the company-wide risk management program, including risk register and scoring methodology.

Insider One provides a platform that brings marketing and customer engagement teams everything they need in one place. They are powered by 1,500+ team members representing 50+ nationalities across 30+ offices and are trusted by 2000+ customers.

Canada 6w PTO

  • Support the execution and continuous improvement of Qohash’s security program.
  • Support risk assessments, track identified risks, and help coordinate remediation efforts.
  • Maintain security policies, standards, awareness materials, and support internal security training initiatives.

Qohash is building a foundational pillar of Canada’s digital sovereignty, believing security must scale differently. They look for bold, mission-driven individuals with technical depth and strategic clarity who collaborate across disciplines to protect sensitive data.

US

  • Oversee the company’s compliance program and policies including audit readiness, and regulatory certification efforts.
  • Partner with IT Security, Risk, Legal, and Audit teams to ensure project deliverables support compliance with ISO 27001, SOC 1, PCI DSS, and HIPAA/HITECH standards.
  • Develop IT and Compliance project plans, set deadlines and owners for specific tasks, and track the progress of each project.

Element Critical provides hybrid infrastructure solutions in an expanding portfolio of data center facilities across the country. They aim to meet the diverse needs of today’s business and technology leaders by delivering superior service and product offerings, cultivating trusted relationships with their customers, and motivating and enabling their employees.

Canada

  • Monitor, assess, and maintain security controls within cloud environments.
  • Manage the overall Security Awareness program for Cority.
  • Provide Security Incident Response support and participate in the development of business cases and presentations on cloud security technologies.

Cority helps customers see and prevent risks across their operations in real time. They are recognized by top analysts and trusted by more than 1,500 of the most complex organizations worldwide.

Global

  • Lead end-to-end PCI DSS compliance, including CDE scoping and reduction, control implementation/validation, and audit management.
  • Lead and support SOC 2 Type II attestation initiatives, including TSC mapping, evidence collection, control testing, and remediation tracking.
  • Own the Third-Party Risk Management (TPRM) program, including vendor tiering, risk assessments, and security reviews.

HighLevel is an AI-powered business operating system that gives agencies, entrepreneurs and SMBs the infrastructure to build, automate and scale. With over 2,000 team members across 10+ countries, HighLevel operates as a global, remote-first organization built for speed and ownership.

US 4w PTO 12w maternity 12w paternity

  • Build and scale the enterprise GRC program, including risk management, compliance, and policy frameworks.
  • Lead compliance certification programs like SOC 2, HIPAA, and HITRUST, managing audit preparedness and execution.
  • Oversee GRC platforms and control monitoring while developing policies aligned with frameworks such as NIST and ISO 27001.

Aledade is a public benefit corporation that empowers independent primary care practices to thrive in value-based care by creating value-based contracts across various health plans. The company is the largest network of independent primary care in the country, featuring a collaborative, inclusive, remote-first culture driven by a shared passion for public health.

Global

  • Develop, maintain, and continuously improve GRC policies, standards, procedures, and control frameworks.
  • Lead and support SOC 2 Type II, ISO 27001, PCI DSS and other compliance initiatives, including evidence collection, control validation, and remediation tracking.
  • Partner with Security and Platform teams to ensure controls are technically implemented, not just documented.

HighLevel is an AI powered, all-in-one white-label sales & marketing platform that empowers agencies, entrepreneurs, and businesses to elevate their digital presence and drive growth. With over 1,500 team members across 15+ countries, we operate in a global, remote-first environment.

GRC Manager

Gearset
UK

  • Own and maintain security and compliance documentation, including policies and procedures.
  • Support commercial teams in complex information security and compliance negotiations.
  • Manage ISO 27001 compliance, certification maintenance, and audit preparations.

Gearset handles Salesforce DevOps for some of the world's largest companies. The company operates with a modern approach to security and compliance in a growing, ambitious environment.

Africa Europe

  • Perform interviews, guide junior staff, and be an important contact person for the client.
  • Test design, implementation, and operating effectiveness for relevant controls in the system for IT Audit and Third Party Assurance projects.
  • Give solid advice that matches the risks of the organization, the people, and their work ethic in your report.

Africa Talent by Deloitte is a separate legal entity based in South Africa, formed between Deloitte Africa and Deloitte Netherlands to meet the demand for talent in Africa and Europe. They aim to create employment in Africa, invest in African talent, and offer a hybrid work environment.

US Unlimited PTO

  • Support security and compliance programs aligned with frameworks such as NIST, ISO, PCI DSS, and HIPAA.
  • Assist in maintaining alignment with global privacy regulations (GDPR, CCPA, and similar frameworks).
  • Assist in the development, implementation, and maintenance of security, privacy, and AI governance policies, standards, and procedures.

Hims & Hers is a health and wellness platform with a mission to help the world feel great through the power of better health. They are redefining healthcare by putting the customer first and delivering access to care that is affordable, accessible, and personal.

India

  • Own end-to-end compliance strategy and operations.
  • Conduct risk assessments and identify compliance risks.
  • Build compliance programs from ground up and coordinate compliance audits.

Sprinto is an AI-native GRC platform that helps organizations manage risks, audits, vendor oversight, and continuous monitoring from a single connected platform. With a team of 350+ employees serving 3,000+ customers across 75+ countries, Sprinto combines scale with expertise to deliver trust and compliance.

US

  • Define and implement end-to-end governance workflows for risk identification, review, acceptance, and monitoring.
  • Engage stakeholders across business, technology, and security functions to validate workflows and onboard risks.
  • Produce audit-ready documentation and provide comprehensive knowledge transfer to ensure process sustainability.

Cayuse Civil Services, LLC provides technology solutions and services, likely with a focus on government or civil sectors. The company emphasizes core values of innovation, excellence, collaboration, adaptability, and integrity, and is structured with program managers and a focus on professional teamwork.

US

  • Serve as the outsourced CISO for 8–12 clients, providing executive-level security leadership on a fractional basis.
  • Conduct security risk assessments, gap analyses, and penetration testing oversight for prospective and current clients.
  • Develop and maintain security programs, policies, and incident response plans tailored to each client's risk profile and regulatory environment.

Reputation Management Consultants (RMC) is an affiliated organization with a premier advisory firm specializing in reputation management and strategic consulting for mid-market companies and high-profile clients. They are launching a dedicated cybersecurity division to address a critical truth their clients face every day, that a data breach is a reputation event, and are building an AI-powered cybersecurity practice from the ground up.

US

  • Apply compliance frameworks to assess, design, and implement security controls.
  • Conduct compliance gap assessments and develop remediation plans.
  • Create and maintain key documentation tailored to client needs.

AHEAD builds platforms for digital business by weaving together advances in cloud infrastructure, automation and analytics, and software delivery. They prioritize creating a culture of belonging where all perspectives and voices are represented, valued, respected, and heard.

$80,000–$120,000/yr
US

  • Execute end-to-end third-party and vendor risk assessments.
  • Develop, maintain, and enhance risk metrics, dashboards, and reporting.
  • Assist with additional GRC activities as needed, including policy management, risk assessments, control testing, and compliance initiatives.

Aprio is a Top 20 CPA and advisory firm that accounts for anything. With over 3,200 team members and 40 U.S. office locations, plus international offices, they bring proven expertise and strategic foresight to fast-growing industries.

$125,000–$155,000/yr

  • Responsible for managing and growing a comprehensive third-party risk management program across the organization.
  • Ensuring that Privia Health's information assets are safeguarded against cyber threats originating from third and fourth parties.
  • Leading the Third Party Access Committee (TPAC), driving compliance with regulations and implementing industry best practices for vendor risk management.

Privia Health is a technology-driven, national physician enablement company that collaborates with medical groups, health plans, and health systems to optimize physician practices, improve patient experiences, and reward doctors for delivering high-value care. The Privia Platform is led by top industry talent and exceptional physician leadership.

Americas APAC

  • Support HITRUST readiness and assessment projects by assisting with documentation collection, review, and organization.
  • Help track and validate evidence provided by clients against HITRUST requirements.
  • Assist with control mapping and documentation preparation under the guidance of senior auditors.

Insight Assurance is a global audit firm on a mission to transform how organizations achieve cybersecurity and compliance. Founded by former Big 4 (EY) professionals, they deliver next-generation audit services across SOC 2, ISO 27001, PCI DSS, HITRUST, CMMC, and FedRAMP frameworks. Recognized on the Inc. 5000 and Fast 50 lists, Insight Assurance is one of the fastest-growing global audit firms, with 180+ professionals supporting nearly 2,000 clients across the Americas, EMEA, and APAC.

$105,000–$120,000/yr
US

  • Manage, direct, and monitor multiple client engagements, coordinating workflow and staffing for financial audit projects.
  • Maintain active client communication to manage expectations, ensure satisfaction, and serve as a business advisor for improvement recommendations.
  • Manage firm risk on audits, develop and mentor staff, and participate in recruiting and business development activities.

BerryDunn is a professional services firm that provides tax, advisory, consulting, and attest services to businesses, nonprofits, and government agencies. The firm is client-centered and people-first, focused on empowering growth and recognized for its diverse, inclusive workplace culture and emphasis on learning, development, and well-being.

$200,000–$280,000/yr
US

  • Define and evolve a multi-year enterprise security roadmap aligned to business objectives and risk appetite across all business units.
  • Lead the unification of security programs, toolsets, and policies inherited from Transact and CBORD into a single enterprise-class operation.
  • Own and maintain compliance programs including SOC 2, PCI DSS, HITRUST, TX-RAMP, GovRAMP, FERPA, and HIPAA, securing SaaS platforms and cloud environments.

Illumia provides secure, intelligent technology solutions to streamline operations for education, healthcare, and corporate enterprises. As a portfolio company of Roper Technologies with over 1,750 client institutions, we foster an inclusive culture built on values of Authenticity, Responsibility, Passion, and Excellence, empowering diverse teams to deliver their best work.

US

  • Own and manage the organization’s enterprise certification frameworks.
  • Develop and maintain policies and procedures supporting certification frameworks.
  • Support proposal teams by validating and documenting certification compliance.

Lynker Corporation is a leading provider of innovative solutions in weather and climate science. They leverage cutting-edge technologies and scientific expertise to support improved operational weather forecasts. Lynker is a growing, employee-owned business specializing in professional, scientific, and technical services with a team-oriented work environment.