Develop, maintain, and continuously improve GRC policies, standards, procedures, and control frameworks.
Lead and support SOC 2 Type II, ISO 27001, PCI DSS and other compliance initiatives, including evidence collection, control validation, and remediation tracking.
Partner with Security and Platform teams to ensure controls are technically implemented, not just documented.
HighLevel is an AI-powered, all-in-one white-label sales & marketing platform that empowers agencies, entrepreneurs, and businesses to elevate their digital presence and drive growth. With over 1,500 team members across 15+ countries, we operate in a global, remote-first environment.
Support the execution and continuous improvement of Qohash’s security program.
Support risk assessments, track identified risks, and help coordinate remediation efforts.
Maintain security policies, standards, awareness materials, and support internal security training initiatives.
Qohash is building a foundational pillar of Canada’s digital sovereignty, believing security must scale differently. They look for bold, mission-driven individuals with technical depth and strategic clarity who collaborate across disciplines to protect sensitive data.
Serves as the premier cybersecurity authority within the TALON program.
Provides strategic advisory services to TSA’s IT leadership on cybersecurity risk management, security architecture, and compliance program maturity.
Serves as the senior cybersecurity advisor, providing real-time technical guidance to TSA stakeholders and the O&M contractor in support of rapid issue resolution.
DMI is a leading provider of digital services and technology solutions, headquartered in Tysons Corner, VA. They focus on end-to-end managed IT services, including managed mobility, cloud, cybersecurity, network operations, and application development, supporting public sector agencies and commercial enterprises around the globe.
Monitor, assess, and maintain security controls within cloud environments.
Manage the overall Security Awareness program for Cority.
Provide Security Incident Response support and participate in the development of business cases and presentations on cloud security technologies.
Cority helps customers see and prevent risks across their operations in real time. They are recognized by top analysts and trusted by more than 1,500 of the most complex organizations worldwide.
Conduct ongoing risk reviews and maintain an up-to-date risk register.
Support risk assessments across critical business processes and systems.
Partner with stakeholders to develop and track risk mitigation plans through resolution.
Radicle Health offers human services software products to foster collaboration and innovation, aiding organizations in better serving communities. They believe technology is crucial for the human services sector's success, housing mission-driven products that support organizations in delivering essential services.
Apply compliance frameworks to assess, design, and implement security controls.
Conduct compliance gap assessments and develop remediation plans.
Create and maintain key documentation tailored to client needs.
AHEAD builds platforms for digital business by weaving together advances in cloud infrastructure, automation and analytics, and software delivery. They prioritize creating a culture of belonging where all perspectives and voices are represented, valued, respected, and heard.
Drive the implementation and continuous improvement of the ISO 27001 Information Security Management System.
Support SOC 2 Type II compliance efforts, including control implementation and evidence collection.
Own and evolve the company-wide risk management program, including risk register and scoring methodology.
Insider One provides a platform that brings marketing and customer engagement teams everything they need in one place. They are powered by 1,500+ team members representing 50+ nationalities across 30+ offices and are trusted by 2000+ customers.
Apply the Risk Management Framework (RMF) to support system authorization activities.
Develop and maintain RMF artifacts and coordinate with stakeholders to ensure systems meet security compliance requirements.
Support the design, implementation, and maintenance of secure cloud architectures.
EXPANSIA delivers high-impact technologies, technology-enabled services and advanced manufacturing solutions to the U.S. Department of Defense and related national security customers. They operate as a multi-entity aerospace and defense technology and tech-enabled services and manufacturing enterprise positioned for scalable growth, operational excellence, and long-term value creation.
Responsible for managing and growing a comprehensive third-party risk management program across the organization.
Ensuring that Privia Health's information assets are safeguarded against cyber threats originating from third and fourth parties.
Leading the Third Party Access Committee (TPAC), driving compliance with regulations and implementing industry best practices for vendor risk management.
Privia Health is a technology-driven, national physician enablement company that collaborates with medical groups, health plans, and health systems to optimize physician practices, improve patient experiences, and reward doctors for delivering high-value care. The Privia Platform is led by top industry talent and exceptional physician leadership.
Support security and compliance programs aligned with frameworks such as NIST, ISO, PCI DSS, and HIPAA.
Assist in maintaining alignment with global privacy regulations (GDPR, CCPA, and similar frameworks).
Assist in the development, implementation, and maintenance of security, privacy, and AI governance policies, standards, and procedures.
Hims & Hers is a health and wellness platform with a mission to help the world feel great through the power of better health. They are redefining healthcare by putting the customer first and delivering access to care that is affordable, accessible, and personal.
Own and lead the full lifecycle of the program’s risk management process.
Continuously refine and mature risk practices to ensure operational excellence.
Communicate risk status, trends, and escalations clearly through written updates.
IT Concepts dba Kentro drives innovation and collaboration, dedicated to advancing customers' missions and fostering professional growth. They are a dynamic community of experts committed to making a positive impact on their communities.
Own all cybersecurity operations for assigned workstream: SIEM/EDR, identity and access management, vulnerability remediation, patching, and security monitoring.
Manage ATO packages and lead system accreditation efforts across mission and enterprise systems, ensuring compliance with RMF, FISMA, and customer-specific controls.
Peraton is a next-generation national security company that drives missions of consequence spanning the globe. As a mission capability integrator and transformative enterprise IT provider, they deliver trusted, highly differentiated solutions and technologies to protect our nation and allies.
Support the design, implementation, and maintenance of secure cloud architectures in accordance with program and security requirements.
Conduct risk and vulnerability assessments and assist with developing mitigation strategies.
Implement and maintain security configurations to ensure the confidentiality, integrity, and availability of systems.
EXPANSIA, along with JHNA and CTSi, forms a Defense Technology platform delivering high-impact technologies to the U.S. Department of Defense and related national security customers. They operate as a multi-entity aerospace and defense technology and tech-enabled services and manufacturing enterprise positioned for scalable growth and operational excellence.
Lead enterprise risk assessments across various organizational exposures.
Facilitate risk identification workshops with senior leadership.
Design or mature ERM frameworks, drawing on standards like COSO ERM, ISO 31000, and NIST RMF.
Artemis Connection is a strategic management consultancy working across various sectors, helping clients identify pressing strategic issues and deliver impact through customized, project-based approaches. Their GRC practice assists organizations in navigating complex regulatory environments and building effective risk frameworks.
Owns and manages the organization’s enterprise certification frameworks.
Develop and maintain policies and procedures supporting certification frameworks.
Support proposal teams by validating and documenting certification compliance.
Lynker Corporation is a leading provider of innovative solutions in weather and climate science. They leverage cutting-edge technologies and scientific expertise to support improved operational weather forecasts. Lynker is a growing, employee-owned business specializing in professional, scientific, and technical services with a team-oriented work environment.
Performs remote workplace/work site risk evaluation and remote consultative risk improvement services.
Provides remote risk assessment information on complex accounts to support the underwriting process.
Develops and maintains business relationships with internal and external business partners through remote engagement and collaboration.
CNA strives to create a culture in which people know they matter and are part of something important, ensuring the abilities of all employees are used to their fullest potential. They are focused on success, individually and collectively promoting a culture that challenges and engages people.
Oversee multiple security projects, ensuring alignment with organizational goals.
Drive program success through effective leadership and communication.
Monitor budgets and mitigate risks, maintaining high-quality standards across all projects.
Jobgether uses an AI-powered matching process to ensure your application is reviewed quickly, objectively, and fairly against the role's core requirements. Our system identifies the top-fitting candidates, and this shortlist is then shared directly with the hiring company.
Lead end-to-end Third Party Risk Assessments for new and existing vendors.
Own the ongoing monitoring and tracking of vendor risk across Smartsheet's third-party portfolio.
Evaluate vendor security documentation and translate findings into clear, actionable risk summaries for stakeholders.
Smartsheet empowers people and teams to achieve anything. They provide tools for work management and scalable solutions, fostering a culture that values diverse perspectives and supports employee growth and impact.
Well-versed in FedRAMP assessment methodology within cloud information systems.
Electrosoft Services, Inc. provides comprehensive technology-based solutions and services to federal customers, specializing in cybersecurity, ICAM, enterprise IT modernization, and software solutions. They are an award-winning company that retains highly qualified employees and offers meaningful work, growth opportunities, and work-life balance.
Lead end-to-end PCI DSS compliance, including CDE scoping and reduction, control implementation/validation, and audit management.
Lead and support SOC 2 Type II attestation initiatives, including TSC mapping, evidence collection, control testing, and remediation tracking.
Own the Third-Party Risk Management (TPRM) program, including vendor tiering, risk assessments, and security reviews.
HighLevel is an AI-powered business operating system that gives agencies, entrepreneurs and SMBs the infrastructure to build, automate and scale. With over 2,000 team members across 10+ countries, HighLevel operates as a global, remote-first organization built for speed and ownership.