Collaborate with business leadership, Legal, Procurement, and Cyber to review terms and conditions, ensuring vendor and client obligations align with internal cyber controls.
Track and monitor the status and completeness of risk remediations in the risk register with business stakeholders, and educate on risks and controls.
Contribute to program enhancements and drive automation with IT and Cybersecurity stakeholders while maintaining a deep understanding of organizational objectives and emerging risks.
IT Governance, Risk Management, Compliance, Cybersecurity
Own the full proposal lifecycle from RFP release through submission.
Decompose RFPs into compliance matrices and annotated outlines.
Translate requirements into winning proposal structure and messaging.
True Zero Technologies enables people and technology in an organization, tying it directly to the quality of its outcomes. They are a veteran-owned small business with a people-first approach. They have been recognized as one of the Best Places to Work and earned spots on the Inc. 5000 list.
Apply compliance frameworks to assess, design, and implement security controls.
Conduct compliance gap assessments and develop remediation plans.
Create and maintain key documentation tailored to client needs.
AHEAD builds platforms for digital business by weaving together advances in cloud infrastructure, automation and analytics, and software delivery. They prioritize creating a culture of belonging where all perspectives and voices are represented, valued, respected, and heard.
Conduct ongoing risk reviews and maintain an up-to-date risk register.
Support risk assessments across critical business processes and systems.
Partner with stakeholders to develop and track risk mitigation plans through resolution.
Radicle Health offers human services software products to foster collaboration and innovation, aiding organizations in better serving communities. They believe technology is crucial for the human services sector's success, housing mission-driven products that support organizations in delivering essential services.
Execute end-to-end third-party and vendor risk assessments.
Develop, maintain, and enhance risk metrics, dashboards, and reporting.
Assist with additional GRC activities as needed, including policy management, risk assessments, control testing, and compliance initiatives.
Aprio is a Top 20 CPA and advisory firm that accounts for anything. With over 3,200 team members and 40 U.S. office locations, plus international offices, they bring proven expertise and strategic foresight to fast-growing industries.
Accelerate Onebrief’s execution of GRC programs supporting NIST RMF, FedRAMP High, CMMC, and SOC 2 authorizations.
Develop and manage integrated project plans for control implementation, remediation, and continuous monitoring.
Coordinate cross-functional teams (Infrastructure, Engineering, Product) to ensure timely delivery of compliance requirements.
Onebrief provides collaboration and AI-powered workflow software designed specifically for military staffs, aiming to make them faster, smarter, and more efficient. Valued at $2.15B, the company has raised $320m+ from top-tier investors and operates as an all-remote company.
Responsible for managing and growing a comprehensive third-party risk management program across the organization.
Ensuring that Privia Health's information assets are safeguarded against cyber threats originating from third and fourth parties.
Leading the Third Party Access Committee (TPAC), driving compliance with regulations and implementing industry best practices for vendor risk management.
Privia Health is a technology-driven, national physician enablement company that collaborates with medical groups, health plans, and health systems to optimize physician practices, improve patient experiences, and reward doctors for delivering high-value care. The Privia Platform is led by top industry talent and exceptional physician leadership.
Develop, maintain, and continuously improve GRC policies, standards, procedures, and control frameworks.
Lead and support SOC 2 Type II, ISO 27001, PCI DSS and other compliance initiatives, including evidence collection, control validation, and remediation tracking.
Partner with Security and Platform teams to ensure controls are technically implemented, not just documented.
HighLevel is an AI-powered, all-in-one white-label sales & marketing platform that empowers agencies, entrepreneurs, and businesses to elevate their digital presence and drive growth. With over 1,500 team members across 15+ countries, we operate in a global, remote-first environment.
Lead the development of executive-level reporting on IT risk and compliance.
Own and evolve the firm’s IT risk register and Risk & Control Self-Assessment (RCSA) program.
Analyze incident, change, and problem management data to identify trends and improvement opportunities.
Wilson Sonsini is the premier legal advisor to technology, life sciences, and other growth enterprises worldwide. The firm has approximately 1,100 attorneys in 17 offices and fosters an entrepreneurial spirit and team-oriented approach for all employees.
Support the execution and continuous improvement of Qohash’s security program.
Support risk assessments, track identified risks, and help coordinate remediation efforts.
Maintain security policies, standards, awareness materials, and support internal security training initiatives.
Qohash is building a foundational pillar of Canada’s digital sovereignty, believing security must scale differently. They look for bold, mission-driven individuals with technical depth and strategic clarity who collaborate across disciplines to protect sensitive data.
Own all cybersecurity operations for assigned workstream: SIEM/EDR, identity and access management, vulnerability remediation, patching, and security monitoring.
Manage ATO packages and lead system accreditation efforts across mission and enterprise systems, ensuring compliance with RMF, FISMA, and customer-specific controls.
Peraton is a next-generation national security company that drives missions of consequence spanning the globe. As a mission capability integrator and transformative enterprise IT provider, they deliver trusted, highly differentiated solutions and technologies to protect our nation and allies.
Support security and compliance programs aligned with frameworks such as NIST, ISO, PCI DSS, and HIPAA.
Assist in maintaining alignment with global privacy regulations (GDPR, CCPA, and similar frameworks).
Assist in the development, implementation, and maintenance of security, privacy, and AI governance policies, standards, and procedures.
Hims & Hers is a health and wellness platform with a mission to help the world feel great through the power of better health. They are redefining healthcare by putting the customer first and delivering access to care that is affordable, accessible, and personal.
Apply the Risk Management Framework (RMF) to support system authorization activities.
Develop and maintain RMF artifacts and coordinate with stakeholders to ensure systems meet security compliance requirements.
Support the design, implementation, and maintenance of secure cloud architectures.
EXPANSIA delivers high-impact technologies, technology-enabled services and advanced manufacturing solutions to the U.S. Department of Defense and related national security customers. They operate as a multi-entity aerospace and defense technology and tech-enabled services and manufacturing enterprise positioned for scalable growth, operational excellence, and long-term value creation.
Define and implement end-to-end governance workflows for risk identification, review, acceptance, and monitoring.
Engage stakeholders across business, technology, and security functions to validate workflows and onboard risks.
Produce audit-ready documentation and provide comprehensive knowledge transfer to ensure process sustainability.
Cayuse Civil Services, LLC provides technology solutions and services, likely with a focus on government or civil sectors. The company emphasizes core values of innovation, excellence, collaboration, adaptability, and integrity, and is structured with program managers and a focus on professional teamwork.
Conduct risk assessments for critical and operationally significant third-party entities.
Identify, track, and drive remediation of control gaps and security risks uncovered throughout the assessment lifecycle.
Partner closely with cross-functional teams to manage third-party risk holistically and stay ahead of emerging risks, including generative and agentic AI.
HealthEquity's mission is to save and improve lives by empowering healthcare consumers. They envision making HSAs as widespread and popular as retirement accounts and they are passionate about providing a solution that allows American families to connect health and wealth.
Serve as the central point of contact for the Government’s Contracting Officer.
Lead overall contract governance, risk management, staffing oversight, and performance execution.
Ensure compliance with government regulatory cybersecurity requirements.
Electrosoft Services, Inc. provides technology-based solutions and services to federal customers. They focus on cybersecurity, ICAM, enterprise IT modernization, and software solutions and retain qualified employees while offering meaningful work, growth opportunities, and work-life balance.
Manage the contract lifecycle for contracts and subcontracts, including negotiation, correspondence, documentation, and reporting.
Review RFPs and support proposal development and submission.
Respond to complex inquiries and issues regarding contractual obligations.
TekSynap is a fast-growing high-tech company that understands both the pace of technology today and the need to have a comprehensive well-planned information management environment. They aim to nimbly utilize the best that information technology offers to meet the business needs of our Federal Government customers.
Own and maintain security and compliance documentation, including policies and procedures.
Support commercial teams in complex information security and compliance negotiations.
Manage ISO 27001 compliance, certification maintenance, and audit preparations.
Gearset handles Salesforce DevOps for some of the world's largest companies. The company operates with a modern approach to security and compliance in a growing, ambitious environment.
Provides intermediate-level knowledge of high-visibility requirements across the government Information Technology Acquisition lifecycle.
Manages and documents acquisition milestones and contract deliverables.
Collects and analyzes a variety of source and acquisition documentation.
TekSynap is a fast-growing high-tech company focused on providing comprehensive information management environments. They employ people who nimbly utilize information technology to meet the business needs of their Federal Government customers.
Build and scale the enterprise GRC program, including risk management, compliance, and policy frameworks.
Lead compliance certification programs like SOC 2, HIPAA, and HITRUST, managing audit preparedness and execution.
Oversee GRC platforms and control monitoring while developing policies aligned with frameworks such as NIST and ISO 27001.
Aledade is a public benefit corporation that empowers independent primary care practices to thrive in value-based care by creating value-based contracts across various health plans. The company is the largest network of independent primary care in the country, featuring a collaborative, inclusive, remote-first culture driven by a shared passion for public health.
Serves as the premier cybersecurity authority within the TALON program.
Provides strategic advisory services to TSA’s IT leadership on cybersecurity risk management, security architecture, and compliance program maturity.
Serves as the senior cybersecurity advisor, providing real-time technical guidance to TSA stakeholders and the O&M contractor in support of rapid issue resolution.
DMI is a leading provider of digital services and technology solutions, headquartered in Tysons Corner, VA. They focus on end-to-end managed IT services, including managed mobility, cloud, cybersecurity, network operations, and application development, supporting public sector agencies and commercial enterprises around the globe.