Enhances the strategic pillars of a security compliance program and facilitates day-to-day compliance operations.
Involved in multiple areas of the business where compliance and security impact operations.
Works on assignments that are complex and require professional skepticism, judgment, initiative, and knowledge of SaaS Company positions.
Optro is the leading audit, risk, ESG, and InfoSec platform on the market, surpassing $300M ARR and continuing to grow. More than 50% of the Fortune 500 leverage their award-winning technology. They inspire each other to innovate and are proud of what they are producing.
Support security and compliance programs aligned with frameworks such as NIST, ISO, PCI DSS, and HIPAA.
Assist in maintaining alignment with global privacy regulations (GDPR, CCPA, and similar frameworks).
Assist in the development, implementation, and maintenance of security, privacy, and AI governance policies, standards, and procedures.
Hims & Hers is a health and wellness platform with a mission to help the world feel great through the power of better health. They are redefining healthcare by putting the customer first and delivering access to care that is affordable, accessible, and personal.
Owns and manages the organization’s enterprise certification frameworks.
Develop and maintain policies and procedures supporting certification frameworks.
Support proposal teams by validating and documenting certification compliance.
Lynker Corporation is a leading provider of innovative solutions in weather and climate science. They leverage cutting-edge technologies and scientific expertise to support improved operational weather forecasts. Lynker is a growing, employee-owned business specializing in professional, scientific, and technical services with a team-oriented work environment.
Accelerate Onebrief’s execution of GRC programs supporting NIST RMF, FedRAMP High, CMMC, and SOC2 authorizations
Develop and manage integrated project plans for control implementation, remediation, and continuous monitoring
Coordinate cross-functional teams (Infrastructure, Engineering, Product) to ensure timely delivery of compliance requirements
Onebrief provides collaboration and AI-powered workflow software designed specifically for military staffs, aiming to make them faster, smarter, and more efficient. Valued at $2.15B, the company has raised $320m+ from top-tier investors and operates as an all-remote company.
Implement and manage the NIST Risk Management Framework (RMF) to achieve and maintain compliance.
Drive the data privacy program by conducting Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs).
Design and execute a continuous internal audit program to validate the effectiveness of controls.
IonQ delivers solutions to solve the world’s most complex problems with quantum computing. IonQ's newest generation quantum computers, IonQ Tempo and IonQ Forte Enterprise, help customers and partners such as Amazon Web Services, AstraZeneca, and NVIDIA achieve 20x performance results.
Conduct gap assessments against CMMC/NIST SP 800-171 requirements
Assist with the development and updates to the System Security Plan (SSP) and POA&M
Broadway Ventures transforms challenges into opportunities with expert program management, cutting-edge technology, and innovative consulting solutions. As an 8(a), HUBZone, and Service-Disabled Veteran-Owned Small Business (SDVOSB), they empower government and private sector clients by delivering tailored solutions that drive operational success, sustainability, and growth.
Support client engagements related to CMMC readiness, implementation, and documentation
Develop, update, and maintain System Security Plans (SSPs)
Assist with NIST SP 800-171, NIST SP 800-53, and FedRAMP documentation, control mapping, and related deliverables
Hotman Group is a remote boutique cybersecurity and GRC firm supporting clients across a range of industries and compliance needs. They value strong writing, quality work, collaboration, sound judgment, and practical execution.
Apply the Risk Management Framework (RMF) to support system authorization activities.
Develop and maintain RMF artifacts and coordinate with stakeholders to ensure systems meet security compliance requirements.
Support the design, implementation, and maintenance of secure cloud architectures.
EXPANSIA delivers high-impact technologies, technology-enabled services and advanced manufacturing solutions to the U.S. Department of Defense and related national security customers. They operate as a multi-entity aerospace and defense technology and tech-enabled services and manufacturing enterprise positioned for scalable growth, operational excellence, and long-term value creation.
Implement and maintain enterprise security tooling and approved configuration baselines across endpoints, browsers, SaaS platforms, and identity systems.
Partner with Corporate Security Engineering leadership and Vulnerability Management to ensure configuration controls and remediation efforts are aligned, measurable, and enforceable.
Continuously improve security configurations by reducing drift, expanding automation, and strengthening documentation and evidence collection to support audit readiness.
Onebrief provides collaboration and AI-powered workflow software specifically for military staffs, enhancing their speed, intelligence, and efficiency. It's a remote-first company with a team of veterans and technologists, valued at $2.15B, backed by top-tier investors.
Monitor and validate Kubernetes and data lake deployments for compliance.
Maintain continuous monitoring dashboards and conduct vulnerability scans.
Prepare and update system security documentation.
Founded in 1989, SOSi is among the largest private, founder-owned technology and services integrators in the defense and government services industry. They deliver tailored solutions, tested leadership, and trusted results to enable national security missions worldwide.
Own CMMC 2.0 and SOC 2 end-to-end, including control design and implementation.
Lead all IT functions supporting corporate and program needs, owning IT architecture and tooling decisions.
Provide guidance and escalation support for IT hardware/software issues; mentor IT Support Specialist & Cloud Infrastructure Engineer.
DEFCON AI leverages artificial intelligence, mathematical optimization, data analytics, and software engineering for resilient optimization of complex systems. They align outcomes with operational goals and better decision making, and empower customers to anticipate, assess, and mitigate the impacts of disruptions.
Own end-to-end compliance strategy and operations.
Conduct risk assessments and identify compliance risks.
Build compliance programs from the ground up and coordinate compliance audits.
Sprinto is an AI-native GRC platform that helps organizations manage risks, audits, vendor oversight, and continuous monitoring from a single connected platform. With a team of 350+ employees serving 3,000+ customers across 75+ countries, Sprinto combines scale with expertise to deliver trust and compliance.
Maintain documentation for ISO/IEC 27001 & ISO/IEC 42001; improve activities.
Extract security requirements from client MSAs; identify gaps and risks.
Coordinate internal and client audit requests; collect evidence.
Avalere Health's mission is to ensure every patient is identified, treated, supported, and cared for. They bring Advisory, Medical, and Marketing teams together to forge unconventional connections, building a future where healthcare is not a barrier and no patient is left behind.
Conduct ongoing risk reviews and maintain an up-to-date risk register.
Support risk assessments across critical business processes and systems.
Partner with stakeholders to develop and track risk mitigation plans through resolution.
Radicle Health offers human services software products to foster collaboration and innovation, aiding organizations in better serving communities. They believe technology is crucial for the human services sector's success, housing mission-driven products that support organizations in delivering essential services.
Secure cloud-based environments by designing and implementing native security solutions using services.
Drive Continuous RMF practices, automating control implementation and reporting through modern methodologies like Continuous Authorization to Operate.
Automate provisioning and configuration of IT environments and implement and manage security measures like firewalls, IDS/IPS, vulnerability scanning, encryption, and ICAM solutions.
Rise8 builds custom, secure software for government organizations, measuring success by impact: lives saved, time returned, and missions advanced. They believe customer experience starts with employee experience, so they take care of their employees and offer competitive pay and benefits, autonomy, growth, and a culture rooted in kindness, candor, and continuous learning.
Support the execution and continuous improvement of Qohash’s security program.
Support risk assessments, track identified risks, and help coordinate remediation efforts.
Maintain security policies, standards, awareness materials, and support internal security training initiatives.
Qohash is building a foundational pillar of Canada’s digital sovereignty, believing security must scale differently. They look for bold, mission-driven individuals with technical depth and strategic clarity who collaborate across disciplines to protect sensitive data.
Ownership of our SOC 2 and Privacy compliance roadmap, from problem framing to tracking adoption.
Gap analysis and consulting with clients to assess their InfoSec posture and provide actionable paths to certification.
Internal playbook development, creating the checklists, policy templates, and controls that will be automated within our software.
Greenplaces helps companies navigate reporting requirements. They empower businesses to measure their carbon emissions and act as the definitive source of truth for all sustainability and compliance activity. They are headquartered in Raleigh, NC, with a distributed team across the country and backed by world-class investors.
Own security posture, compliance programs, and audit readiness.
Lead all IT functions supporting corporate and program needs.
Provide guidance and escalation support for IT hardware/software issues as needed.
Red Cell Partners is an incubation firm building and investing in rapidly scalable technology-led companies. They bring revolutionary advancements to market in healthcare, cyber, and national security and are united by a shared sense of duty.
Well-versed in FedRAMP assessment methodology within cloud information systems.
Electrosoft Services, Inc. provides comprehensive technology-based solutions and services to federal customers, specializing in cybersecurity, ICAM, enterprise IT modernization, and software solutions. They are an award-winning company that retains highly qualified employees and offers meaningful work, growth opportunities, and work-life balance.
Own our security and compliance documentation, keeping it accurate and up to date.
Support our commercial teams in complex information security and compliance negotiations.
Take ownership of maintaining our current ISO 27001 compliance and certification.
Gearset is trusted by some of the largest companies in the world to handle their Salesforce DevOps. They are committed to protecting data through a modern approach to security and compliance.