US

  • Own and manage POA&M lifecycle activities, including tracking findings, coordinating remediation, and maintaining audit-ready documentation.
  • Support FISMA compliance programs with evidence collection, continuous monitoring, and coordination with system owners and ISSOs/ISSMs.
  • Develop operational reporting for leadership and government stakeholders, translating compliance and operational data into actionable insights.

NIST SP 800-53

20 jobs similar to Senior GRC Specialist

Jobs ranked by similarity.

US Unlimited PTO

  • Manage and support compliance certifications including SOC 2, HITRUST, and ISO 27001 audits across the audit lifecycle.
  • Serve as the subject matter expert across the company on compliance frameworks and primary point of contact for external auditors.
  • Maintain the risk register, drive risk identification and reporting, and scale the GRC function with AI and automation.

Garner transforms the healthcare economy by partnering with employers to redesign healthcare benefits using data-driven insights. It is a fast-growing healthcare technology company with a mission-driven team focused on making healthcare more affordable and high-quality.

US

  • Design and implement a comprehensive GRC framework addressing both traditional security controls and novel AI safety considerations.
  • Lead engagements with external auditors to obtain critical security certifications like SOC 2, ISO 27001/27701/42001, and FedRAMP.
  • Partner with AI research teams to develop and implement appropriate safeguards and controls for machine learning systems.

Runway builds AI to simulate the world, merging art and science and focusing on world models that advance artificial intelligence. Our team consists of creative, open-minded, caring, and ambitious people determined to change the world, striving to continuously build impossible things.

US

  • Manage security compliance programs against frameworks like PCI DSS, NIST, and SOC 1/2, leveraging automation tools for continuous assessment.
  • Oversee identity and access management, including automated provisioning audits and anomaly detection.
  • Collaborate with engineering, DevOps, and product teams to integrate compliance into CI/CD and cloud infrastructure.

Prosper is a FinTech company focused on improving financial well-being. It is a growing company with a collaborative culture and offers resources for professional growth and holistic well-being.

US Unlimited PTO

  • Lead control program maturity by designing an auditable framework fitting ezCater's SaaS, cloud, data, and engineering environment.
  • Build continuous control monitoring and automation by partnering with engineering teams to implement automated testing and evidence collection.
  • Expand data security policy and program quality by defining clear, enforceable policies tied to technical practices and operating cadences.

ezCater is the #1 food tech platform for workplaces in the US, making it easy for organizations to manage food needs and order from over 125,000 restaurants nationwide. The company values work/life harmony and offers a collaborative, innovative environment with passionate colleagues.

US

  • Lead and execute RMF compliance activities in accordance with DoD and NIST requirements, supporting system accreditation and ATO efforts.
  • Conduct STIG and SRG assessments across Windows, Linux, database, cloud, and application environments using tools such as SCC and STIG Viewer.
  • Analyze vulnerability scan results, develop and maintain POA&Ms, and track remediation activities to closure.

Peraton is a next-generation national security company that drives missions of consequence across land, sea, space, air, and cyberspace. As a leading mission capability integrator and enterprise IT provider, we deliver trusted solutions to protect our nation and allies, supporting essential government agencies and every branch of the U.S. armed forces.

US

  • Work collaboratively with a team of assessors as a federal compliance specialist, planning and executing assessments for clients.
  • Draft audit observations, lead interview walkthroughs, and assess security vulnerabilities against appropriate frameworks.
  • Prepare and review assessment reports, educate clients on compliance activities, and manage priorities to achieve delivery targets.

Coalfire is on a mission to make the world a safer place by solving clients’ hardest cybersecurity challenges. They are thought leaders, consultants, and cybersecurity experts, and a team of passionate problem-solvers with offices across the U.S. and U.K.

Canada Europe Unlimited PTO

  • Support active and upcoming audits including ISO 27001, SOC 2, PCI DSS, and HIPAA by coordinating evidence and working with control owners.
  • Conduct risk assessments, update risk registers, track remediation, and perform third-party risk management reviews.
  • Respond to customer and prospect security/compliance questions and improve repeatable processes and evidence quality.

Upsun is the cloud application platform for hybrid teams, enabling developers to build, ship, and scale confidently without managing backend infrastructure. The company has a remote, global workforce and fosters a multicultural, open, and inclusive culture with a focus on open source and innovation.

US

  • Write and maintain security compliance documentation including agency policies and technical baselines.
  • Translate federal regulations like NIST and FISMA into clear, actionable policies for technical and non-technical audiences.
  • Collaborate with system owners and stakeholders to ensure documentation aligns with IT standards and organizational needs.

Valiant Solutions is a security-focused IT solutions provider serving public clients nationwide. Named one of the fastest growing privately held companies and a Best Place to Work, we pride ourselves on an employee-centric culture and work-life balance.

US

  • Provide internal control assessments and deficiency tracking for federal clients.
  • Prepare briefing materials, reports, and training content to support compliance.
  • Support business process walkthroughs and document process narratives or flowcharts.

Significance is a woman-owned consulting firm serving the federal government, known for building trusted relationships and implementing innovative solutions. The company has been named a Washington Business Journal Best Place to Work for seven consecutive years, emphasizing a strong culture.

GRC Analyst

Mesh
US Unlimited PTO

  • Own and strengthen the controls environment, ensuring compliance requirements are effectively implemented and maintained.
  • Support and mature the GRC program, including SOC 2 operations and alignment with security frameworks such as NIST.
  • Build and maintain Business Continuity and Disaster Recovery programs, including BIAs, continuity plans, and recovery runbooks.

Mesh enables consumers to pay and be paid with any asset, bridging the gap between tokenized assets and everyday commerce. Backed by investors like PayPal Ventures and Paradigm, they are a high-growth company building the infrastructure for the global economy.

US

  • Lead execution and ongoing management of the NERC reliability and CIP compliance program across all registered sites.
  • Directly manage the NERC Technical Compliance Manager and partner closely with the VP of Asset Operations on program strategy and resource planning.
  • Oversee GADS data collection and reporting, ensure timely quarterly submissions, and maintain the feedback loop from compliance activities into the project pipeline.

Silicon Ranch is a fully integrated provider of customized renewable energy, carbon, and battery storage solutions for partners across North America. The company is known for putting community partnerships first, owning and operating all its solar ranches with a 100% track record for successful delivery, and fostering a diverse and inclusive workplace.

US

  • Perform detailed architecture and technical design reviews on the full stack for vendor solutions.
  • Conduct architecture reviews of Cloud Service Providers authorization packages to validate secure design and compliance.
  • Lead and conduct architecture interviews with CSPs to ensure critical control areas are designed to meet program requirements.

Valiant Solutions is a security-focused IT solutions provider with public clients nationwide. Named one of the fastest growing privately held companies by Inc. 5000, Washington Technology’s Fast 50, and Washington Business Journal’s Best Places to Work in the D.C. area, the company prides itself on providing employees with great benefits and career development opportunities.

US

  • Lead and execute CMMC Level 2 gap assessments against all 110 NIST SP 800-171 Rev 2 practices.
  • Author and maintain SSPs, POA&Ms, policies, and procedures using NIST SP 800-171A methodology.
  • Serve as the primary technical point of contact for DIB accounts across the compliance lifecycle.

Agile IT is a Microsoft partner and Cyber AB RPO that helps defense contractors meet CMMC compliance in Microsoft cloud environments. The company is in a high-growth phase and lives by its RISE values of Reliability, Integrity, Stewardship, and Excellence.

India

  • Manage the lifecycle of information security policies, standards, and procedures, coordinating reviews and approvals.
  • Support security awareness initiatives, including training content and phishing simulation campaigns.
  • Develop governance metrics, dashboards, and reports to track compliance and program effectiveness.

Oportun is a mission-driven financial services company that offers responsible credit, savings, and budgeting tools to help members achieve financial goals. With over $21.3 billion in credit provided and a diverse, inclusive culture, the company serves those left out of the financial mainstream.

US

  • Support the day-to-day security posture of systems across cloud and on-prem environments, including vulnerability management and remediation tracking.
  • Partner with infrastructure, platform, and engineering teams on secure configuration, access control, logging, and incident readiness.
  • Support compliance activities related to GovRAMP, FedRAMP, PCI DSS, and internal reviews using AWS security tooling.

Grant Street Group is a growing company that provides SaaS products for electronic payments, auctions, and tax collection. The company fosters a culture of teamwork, professional excellence, and individual responsibility in a technology-rich remote environment.

Global 18w maternity 16w paternity

  • Serve as a primary compliance resource embedded in the Alma-to-Spring Health integration, mapping control environments and building a unified compliance organization.
  • Own and lead enterprise-level compliance programs including SOC 2 Type II, HITRUST, HIPAA, GDPR, ISO 27001, ISO 42001, and ITGC-SOX.
  • Develop and operationalize Spring Health's AI governance program, including policies, risk frameworks, and AI-specific compliance documentation.

Spring Health is a global mental health company on a mission to eliminate every barrier to mental health. With outcomes independently validated by JAMA Network Open, Spring Health reaches more than 170 million people worldwide through leading employers, health plans, and partners.

US

  • Serve as the primary subject matter expert for IAM and ERP security across the CAPPS program, managing the full identity lifecycle and enforcing RBAC and least-privilege modeling.
  • Monitor authentication and authorization logs for anomalies, coordinate with the client's Information Security Office, and oversee secure integration of third-party applications via SAML, OAuth, OIDC, SCIM, and custom APIs.
  • Participate in annual IT control audits, review technical deliverables for CAPPS architecture and security system plans, and serve as a security advisor during procurement cycles.

RESPEC is a 100% employee-owned company that tackles complex challenges in energy transition, infrastructure resilience, digital transformation, and sustainability. Since 1969, they have built a culture of ownership where employees drive real solutions across global projects.

US

  • Manage ISACA's credentialing program policies and ensure compliance with ISO/IEC 17024:2026 standard.
  • Design and implement controls to mitigate risks associated with exam IP and certification fraud.
  • Oversee credentialing policy-driven activities and collaborate with internal teams to maintain exam integrity.

ISACA champions the global workforce advancing trust in technology. For more than 55 years, ISACA has empowered its community of 195,000+ members with knowledge, credentials, training and network.

Global

  • Lead the roadmap for global data center physical security programs including access control, surveillance, and intrusion detection.
  • Drive end-to-end program execution across design, procurement, and operations, managing dependencies with engineering and compliance.
  • Establish security standards and ensure compliance with ISO 27001, SOC 2, and NIST frameworks.

Vultr makes high-performance cloud infrastructure easy to use, affordable, and locally accessible for enterprises and AI innovators worldwide. Privately held with a $3.5 billion valuation and 33 global data centers, Vultr fosters a culture of commitment with generous benefits and career growth.

US

  • Monitor security alerts, vulnerabilities, and incidents across enterprise systems and assist in incident response.
  • Maintain compliance with standards such as NIST CSF, ISO 27001, and SOC 2 through audits and policy development.
  • Conduct security risk assessments, evaluate controls, and track remediation plans.

Mission Critical Group is an end-to-end power solutions and services provider that accelerates time-to-power for mission critical environments. With over 1.5 million square feet of U.S. manufacturing capacity, they support data centers, healthcare, and industrial facilities.