Focus on developing and delivering compliance solutions and strategies for Commercial, Defense Industrial Base, and State/Local customers.
Conduct compliance audits, assessments, and gap analyses to identify areas for improvement.
Author policies, plans, and procedures in CJIS and FedRAMP environments while serving as a trusted advisor to customers.
Planet Technologies is the leading provider of Microsoft consulting services to public sector and commercial organizations, specializing in building custom solutions that transform business operations. They are a growing team with collaborative peers and caring leaders, focused on high-profile client projects.
Manage and support compliance certifications including SOC 2, HITRUST, and ISO 27001 audits across the audit lifecycle.
Serve as the subject matter expert across the company on compliance frameworks and primary point of contact for external auditors.
Maintain the risk register, drive risk identification and reporting, and scale GRC function with AI and automation.
Garner transforms the healthcare economy by partnering with employers to redesign healthcare benefits using data-driven insights. It is a fast-growing healthcare technology company with a mission-driven team focused on making healthcare more affordable and high-quality.
Lead and execute RMF compliance activities in accordance with DoD and NIST requirements, supporting system accreditation and ATO efforts.
Conduct STIG and SRG assessments across Windows, Linux, database, cloud, and application environments using tools such as SCC and STIG Viewer.
Analyze vulnerability scan results, develop and maintain POA&Ms, and track remediation activities to closure.
Peraton is a next-generation national security company that drives missions of consequence across land, sea, space, air, and cyberspace. As a leading mission capability integrator and enterprise IT provider, we deliver trusted solutions to protect our nation and allies, supporting essential government agencies and every branch of the U.S. armed forces.
Own and manage the compliance program including SOC 2 and ISO 27001 readiness and audits.
Lead risk assessments, control testing, and enterprise risk management processes.
Partner with Engineering, Security, Product, Legal, HR, and Operations to embed compliance into business processes.
Calendly is a scheduling platform used by millions to automate meetings and streamline time management. They are a rapidly growing SaaS company fostering a culture of learning and high performance.
Maintain Risk Management Framework artifacts for DevSecOps pipeline inheritance of NIST SP 800-53 controls.
Complete and validate STIG/SRG checklists quarterly and provide monthly application STIG status reports.
Evaluate program risks, document mitigation strategies, and recommend courses of action to ensure continuous ATO compliance.
DecisionPoint is a company providing cloud services and DevSecOps solutions, supporting ARTRANS AWS environments. It is a regular full-time employer fostering a culture of security and compliance, with an active Secret clearance required for this role.
Lead and execute CMMC Level 2 gap assessments against all 110 NIST SP 800-171 Rev 2 practices.
Author and maintain SSPs, POA&Ms, policies, and procedures using NIST SP 800-171A methodology.
Serve as the primary technical point of contact for DIB accounts across the compliance lifecycle.
Agile IT is a Microsoft partner and Cyber AB RPO that helps defense contractors meet CMMC compliance in Microsoft cloud environments. The company is in a high-growth phase and lives by its RISE values of Reliability, Integrity, Stewardship, and Excellence.
Serve as a primary compliance resource embedded in the Alma-to-Spring Health integration, mapping control environments and building a unified compliance organization.
Own and lead enterprise-level compliance programs including SOC 2 Type II, HITRUST, HIPAA, GDPR, ISO 27001, ISO 42001, and ITGC-SOX.
Develop and operationalize Spring Health's AI governance program, including policies, risk frameworks, and AI-specific compliance documentation.
Spring Health is a global mental health company on a mission to eliminate every barrier to mental health. With outcomes independently validated by JAMA Network Open, Spring Health reaches more than 170 million people worldwide through leading employers, health plans, and partners.
Monitor security alerts, vulnerabilities, and incidents across enterprise systems and assist in incident response.
Maintain compliance with standards such as NIST CSF, ISO 27001, and SOC 2 through audits and policy development.
Conduct security risk assessments, evaluate controls, and track remediation plans.
Mission Critical Group is an end-to-end power solutions and services provider that accelerates time-to-power for mission critical environments. With over 1.5 million square feet of U.S. manufacturing capacity, they support data centers, healthcare, and industrial facilities.
Lead Risk Management Framework activities for a federal AI platform deployment in AWS GovCloud.
Own authorization artifacts and coordinate with ISSOs and Authorizing Officials for ATO.
Partner with platform engineers on cloud and container security, vulnerability management, and hardening.
LMI is a digital solutions provider dedicated to accelerating government impact with innovation and speed, bringing commercial-grade platforms and mission-ready AI to federal agencies. Headquartered in Tysons, Virginia, it serves the defense, space, healthcare, and energy sectors, with a culture more startup than traditional government contractor.
Maintain and improve the Quality Management System (QMS) and support compliance with CMMI, CMMC, and ISO standards.
Support government contract compliance, coordinate audits, and manage documentation for contracts and IDIQ vehicles.
Develop dashboards and reports for compliance, audits, and PMO maturity metrics.
True Zero Technologies is a veteran-owned small business that focuses on enabling people and technology to drive quality outcomes. The company has been recognized as a Best Places to Work honoree and has appeared on the Inc. 5000 list of fastest-growing companies, reflecting its people-first culture and commitment to excellence.
Develop and maintain the enterprise IT GRC strategy, framework, and roadmap, presenting updates to executive leadership.
Lead enterprise IT risk assessments, maintain risk registers, and oversee remediation efforts.
Ensure compliance with regulations like NIST, ISO 27001, SOC, PCI-DSS, HIPAA, GDPR, and SOX.
Mission Critical Group is an end-to-end power solutions and services provider that accelerates time-to-power for mission critical environments. With over 1.5 million square feet of U.S. manufacturing capacity, the company supports data centers, healthcare, and industrial facilities where uptime is non-negotiable.
Design and implement a comprehensive GRC framework addressing both traditional security controls and novel AI safety considerations.
Lead engagements with external auditors to obtain critical security certifications like SOC 2, ISO 27001/27701/42001, and FedRAMP.
Partner with AI research teams to develop and implement appropriate safeguards and controls for machine learning systems.
Runway builds AI to simulate the world through merging art and science, focusing on world models for progress in artificial intelligence. Our team consists of creative, open-minded, caring, and ambitious people determined to change the world, striving to continuously build impossible things.
Lead end-to-end third-party audits, evidence collection, and compliance onboarding for new products and features.
Partner with cross-functional teams to design and validate internal controls across SOX, SOC, HIPAA, and PCI frameworks.
Drive continuous improvement by standardizing processes, reducing manual effort, and collaborating on automated compliance monitoring.
Jobgether uses AI-powered matching to streamline job applications. They are a company focused on connecting candidates with hiring employers through automated shortlisting, with a transparent and flexible work culture.
Collaborate with cross-functional teams to apply cybersecurity best practices across systems, applications, and cloud environments.
Lead portions of cybersecurity assessments across the technology stack, identifying vulnerabilities and recommending remediation strategies.
Assist in shaping cybersecurity risk management activities, helping prioritize and guide security initiatives to protect critical assets.
Rise8 builds custom, secure software for government organizations, measuring success by impact: lives saved, time returned, and missions advanced. Certified as a Great Place to Work® with 100% of employees saying they love working here, Rise8 offers a culture rooted in kindness, candor, and continuous learning.
Lead the technical work to achieve and maintain compliance certifications (SOC 2, ISO 27001, and the upcoming FedRAMP process)
Design and implement security controls across AWS infrastructure, CI/CD pipelines, Kubernetes, and application deployments
Build the automation, logging, and evidence collection required for continuous compliance
Zafran's mission is to stop the exploitation of vulnerabilities everywhere, using an Exposure Graph that maps and neutralizes real attack paths. Backed by Menlo Ventures, Sequoia Capital, and Cyberstarts, they are one of the fastest-growing companies in cybersecurity, with a culture of meaningful work and challenging teammates.
Manage security compliance programs against frameworks like PCI-DSS, NIST, and SOC 1/2, leveraging automation tools for continuous assessment.
Oversee identity and access management, including automated provisioning audits and anomaly detection.
Collaborate with engineering, DevOps, and product teams to integrate compliance into CI/CD and cloud infrastructure.
Prosper is a FinTech company focused on improving financial well-being. It is a growing company with a collaborative culture and offers resources for professional growth and holistic well-being.
Perform detailed architecture and technical design reviews on the full stack for vendor solutions.
Conduct architecture reviews of Cloud Service Providers authorization packages to validate secure design and compliance.
Lead and conduct architecture interviews with CSPs to ensure critical control areas are designed to meet program requirements.
Valiant Solutions is a security-focused IT solutions provider with public clients nationwide. Named one of the fastest growing privately held companies by Inc. 5000, Washington Technology’s Fast 50, and Washington Business Journal’s Best Places to Work in the D.C. area, the company prides itself on providing employees with great benefits and career development opportunities.
Manage ISACA's credentialing program policies and ensure compliance with ISO/IEC 17024:2026 standard.
Design and implement controls to mitigate risks associated with exam IP and certification fraud.
Oversee credentialing policy-driven activities and collaborate with internal teams to maintain exam integrity.
ISACA champions the global workforce advancing trust in technology. For more than 55 years, ISACA has empowered its community of 195,000+ members with knowledge, credentials, training and network.
Execute SOC 1, SOC 2, SOC 3 examinations and other security audits.
Evaluate the design and effectiveness of technology controls and identify findings.
Supervise and provide performance management for IT audit staff.
Insight Assurance is a global audit firm on a mission to transform how organizations achieve cybersecurity and compliance. Founded by former Big 4 professionals, the firm is one of the fastest-growing global audit firms with 170+ professionals supporting nearly 2,000 clients.
Partner with the CISO to drive security strategy, roadmap, and execution across application security, GRC, and operations.
Support compliance initiatives including PCI, SOC 2, ISO 27001, DORA, and FedRAMP readiness.
Serve as a trusted security leader in customer-facing settings, translating technical risks into business language.
Sardine is the leading agentic risk platform for fighting financial crime, integrating data across risk teams to stop fraud and automate AML operations. With over 6 billion profiled devices and 800 million consumers, we maintain a remote-first culture that values performance over hours worked.