Serve as a trusted compliance advisor for DoD contractors, guiding them through NIST SP 800-171, CMMC 2.0, and DFARS requirements from gap analysis to audit readiness.
Conduct recurring strategy meetings, review implementation progress, translate complex regulations into practical recommendations, and collaborate with client leadership.
Prepare professional assessment reports, maintain compliance documentation, deliver training, and support clients through ongoing compliance management and SPRS submissions.
Own RMF authorizations across Department of War components and FedRAMP High, alongside CMMC 2.0 and SOC 2 compliance for corporate systems.
Maintain authorization and audit evidence, including SSPs, SARs, POA&Ms, STIGs, and control mappings.
Partner with Engineering, Product, and Security to embed compliance requirements into system design and CI/CD workflows.
Onebrief builds collaboration and AI-powered workflow software for military planning and operational coordination. Founded in 2019, valued at over $2 billion, they are a distributed team of builders from military, operational, and technology backgrounds.
Focus on developing and delivering compliance solutions and strategies for Commercial, Defense Industrial Base, and State/Local customers.
Conduct compliance audits, assessments, and gap analyses to identify areas for improvement.
Author policies, plans, and procedures in CJIS and FedRAMP environments while serving as a trusted advisor to customers.
Planet Technologies is the leading provider of Microsoft consulting services to public sector and commercial organizations, specializing in building custom solutions that transform business operations. They are a growing team with collaborative peers and caring leaders, focused on high-profile client projects.
Work with team members to assess DIB organizations' compliance with CMMC regulations.
Collect and examine evidence, observe, test, and analyze results to score OSC practices.
Generate preliminary report findings and finalize assessment reports.
Coalfire Federal is a cybersecurity consultancy providing independent advice, assessments, and cyber engineering to Federal agencies. With over 20 years of experience and offices in the US and Europe, it fosters a culture of passionate problem-solvers.
Lead delivery of FedRAMP, CMMC, HITRUST, and NIST compliance engagements where federal authorization is on the line.
Build reusable IP like control-mapping libraries, SSP templates, and evidence-collection playbooks for complex frameworks.
Own pricing, margin, and utilization for specialized federal engagements, plus leverage AI to standardize deliverables.
Sprinto is an Autonomous Trust Platform that centralizes trust requirements across security frameworks, vendors, and customers. Backed by top-tier investors like Accel, Elevation, and Blume Ventures, we've raised $31.8M and are trusted by over 3,000 organizations across 75 countries, with a remote culture built on ownership and progress over perfection.
Lead formal CMMC Level 2 assessments for defense industrial base organizations pursuing certification.
Manage and mentor assessment teams, evaluate evidence against NIST SP 800-171 practices, and produce defensible findings.
Serve as the primary client point of contact, plan scope, and make final certification outcome decisions.
Sentinel Blue is a cybersecurity company focused on bringing enterprise-class cybersecurity to small and medium businesses. They are a young, fast-paced company that operates fully remote, constantly learning and pushing the envelope.
Own and manage the compliance program including SOC 2 and ISO 27001 readiness and audits.
Lead risk assessments, control testing, and enterprise risk management processes.
Partner with Engineering, Security, Product, Legal, HR, and Operations to embed compliance into business processes.
Calendly is a scheduling platform used by millions to automate meetings and streamline time management. They are a rapidly growing SaaS company fostering a culture of learning and high performance.
Consult onsite and remotely with customers to collect and analyze data related to policies, infrastructure, and compliance requirements.
Perform gap analyses of current environments and recommend remediation steps.
Assist with sales and marketing activities as a subject matter expert and prepare industry presentations.
CampusGuard provides information security and privacy consulting and compliance services for campus-based organizations. It is a full-service firm leveraging industry standards to deliver world-class security and compliance services.
Own Filevine's FedRAMP 20x strategy and execution, including evidence automation, continuous monitoring, and certification readiness.
Drive the security compliance and trust program across FedRAMP, SOC 2, ISO, HIPAA, and PCI-DSS, converting obligations into engineering work.
Lead cross-functional alignment and executive reporting to ensure compliance, privacy, and security priorities are shipped on time.
Filevine is a Legal AI company delivering Legal Operating Intelligence for the future of legal work. Fueled by a team of exceptional collaborators and innovators, Filevine’s rapid growth has earned AI awards and recognition from Deloitte and Inc. as one of the most innovative and fastest-growing technology companies in the country.
Maintain and improve the Quality Management System (QMS) and support compliance with CMMI, CMMC, and ISO standards.
Support government contract compliance, coordinate audits, and manage documentation for contracts and IDIQ vehicles.
Develop dashboards and reports for compliance, audits, and PMO maturity metrics.
True Zero Technologies is a veteran-owned small business that focuses on enabling people and technology to drive quality outcomes. The company has been recognized as a Best Places to Work honoree and has appeared on the Inc. 5000 list of fastest-growing companies, reflecting its people-first culture and commitment to excellence.
Manage and conduct internal and external compliance audits for frameworks like ISO, SOC, and NIST.
Work with global teams to implement and update compliance controls, policies, and training.
Stay updated on regulatory changes and perform gap analysis to maintain certifications.
QAD is building a world-class SaaS company that solves real-world problems in manufacturing and supply chain. They are a growing, virtual-first company with a collaborative culture that values idea-sharing and growth.
Maintain Risk Management Framework artifacts for DevSecOps pipeline inheritance of NIST SP 800-53 controls.
Complete and validate STIG/SRG checklists quarterly and provide monthly application STIG status reports.
Evaluate program risks, document mitigation strategies, and recommend courses of action to ensure continuous ATO compliance.
DecisionPoint is a company providing cloud services and DevSecOps solutions, supporting ARTRANS AWS environments. It is a regular full-time employer fostering a culture of security and compliance, with an active Secret clearance required for this role.
Monitor security alerts, vulnerabilities, and incidents across enterprise systems and assist in incident response.
Maintain compliance with standards such as NIST CSF, ISO 27001, and SOC 2 through audits and policy development.
Conduct security risk assessments, evaluate controls, and track remediation plans.
Mission Critical Group is an end-to-end power solutions and services provider that accelerates time-to-power for mission critical environments. With over 1.5 million square feet of U.S. manufacturing capacity, they support data centers, healthcare, and industrial facilities.
Write and maintain security compliance documentation including agency policies and technical baselines.
Translate federal regulations like NIST and FISMA into clear, actionable policies for technical and non-technical audiences.
Collaborate with system owners and stakeholders to ensure documentation aligns with IT standards and organizational needs.
Valiant Solutions is a security-focused IT solutions provider serving public clients nationwide. Named one of the fastest growing privately held companies and a Best Place to Work, we pride ourselves on an employee-centric culture and work-life balance.
Develop and maintain the enterprise IT GRC strategy, framework, and roadmap, presenting updates to executive leadership.
Lead enterprise IT risk assessments, maintain risk registers, and oversee remediation efforts.
Ensure compliance with regulations like NIST, ISO 27001, SOC, PCI-DSS, HIPAA, GDPR, and SOX.
Mission Critical Group is an end-to-end power solutions and services provider that accelerates time-to-power for mission critical environments. With over 1.5 million square feet of U.S. manufacturing capacity, the company supports data centers, healthcare, and industrial facilities where uptime is non-negotiable.
Serve as a primary compliance resource embedded in the Alma-to-Spring Health integration, mapping control environments and building a unified compliance organization.
Own and lead enterprise-level compliance programs including SOC 2 Type II, HITRUST, HIPAA, GDPR, ISO 27001, ISO 42001, and ITGC-SOX.
Develop and operationalize Spring Health's AI governance program, including policies, risk frameworks, and AI-specific compliance documentation.
Spring Health is a global mental health company on a mission to eliminate every barrier to mental health. With outcomes independently validated by JAMA Network Open, Spring Health reaches more than 170 million people worldwide through leading employers, health plans, and partners.
Manage the Compliance and Security workstream within a telecom transformation program, coordinating SOC 2, ISO/IEC 27001, and GDPR readiness activities.
Build and maintain the workstream plan with milestones, deliverables, and RAID logs, while driving evidence collection and control-owner alignment.
Facilitate workshops, track remediation across multiple domains, and ensure alignment with adjacent program streams and governance forums.
Miratech helps visionaries change the world as a global IT services and consulting company supporting digital transformation for large enterprises. With nearly 1000 professionals operating across 25+ countries and a 99% project success rate, their culture emphasizes relentless performance and growth.