Support CapIntel’s Governance, Risk, and Compliance program
Manage third-party risk and customer security reviews
Support operational security, privacy, and security awareness initiatives
CapIntel is a software platform built for wealth management enterprises to help financial advisors explain complex investment strategies to their clients. Since launching in 2019, CapIntel has seen rapid adoption and industry recognition, earning top placements in Deloitte’s Technology Fast 50 Canada and Fast 500 North America in 2025, ranking us among the fastest -growing technology companies.
Develops and refines performance methodologies that support the cybersecurity requirements.
Oversee independent assessments and review Security Impact Analyses (SIA).
Incorporate compliance data into the Governance, Risk, and Compliance Tool (GRCT).
SkyePoint Decisions is a leading Cybersecurity Architecture and Engineering, Critical Infrastructure and Operations, and Applications Development and Maintenance IT service provider. It is an established ISO 9001:2015 and ISO/IEC 27001:2013 certified small business and appraised at CMMI Level 3 for Services and Development.
Manage and develop staff members under Product Compliance.
Oversee and contribute to the vulnerability management lifecycle.
Assess and serve as a subject matter expert for regulatory and compliance requirements.
ExtraHop is a company that focuses on network detection and response (NDR) to help organizations stay ahead of emerging threats. They integrate network threat detection, network performance management, intrusion detection, and packet forensics into a single console.
Support the development, implementation, and maintenance of IT compliance policies, standards, procedures, and controls.
Coordinate and support internal and external audits, including preparation of documentation, evidence collection, and remediation tracking.
Perform periodic compliance assessments, gap analyses, and risk assessments against applicable frameworks and standards.
Xcelerate Solutions, founded in 2009 and located in McLean, VA, is a fast-growing company. The company is defined by a diversified workforce of dynamic and versatile professionals, with growth and development opportunities that contribute to individual and firm growth.
Lead end-to-end audit execution across SOC 2, ISO 27001, ISO 42001, ISO 27701, HIPAA, and GDPR and maintain year-round audit readiness.
Build and mature Atlan's risk management program and turn abstract risk conversations into measurable metrics with clear ownership and quarterly leadership reviews.
Integrate our GRC platform with cloud infrastructure, CI/CD pipelines, HR systems, and product engineering tooling to automate evidence collection and continuous control testing.
Atlan is building the missing context layer for data and AI, helping enterprises close the AI value chasm and finally move AI pilots into production. We are backed by world-class investors including GIC, Insight Partners, Meritech, Peak XV, and Salesforce Ventures and trusted by global enterprises like Mastercard, Workday, General Motors, Unilever and others.
Lead audit readiness and execution for SOC 2, ISO 27001, PCI DSS, and other compliance frameworks relevant to our customer base
Manage the compliance lifecycle in a compliance platfom (such as Vanta, Drata etc) including evidence collection, control mapping, and continuous monitoring
Coordinate cross-functional audit activities with engineering, product, security, infrastructure, and support teams to gather evidence and remediate findings
Supabase is a born-remote and open-source-first company that provides tools developers love. They have 180+ team members across 40+ countries, and deeply believe in the open-source ecosystem and strive to support existing tools and communities.
Oversee third-party and internal risk assessments to support enterprise information security and governance, risk, and compliance (GRC) initiatives.
Manage vendor due diligence, maintains an accurate risk register, partners with internal stakeholders on mitigation strategies.
Drive continuous improvement of the risk and compliance framework.
Concorde Career Colleges is committed to a policy of Equal Employment Opportunity and will not discriminate against an applicant or employee based on race, color, religion, religious creed, national origin, ancestry, sex, age, veteran or military status, or any other legally protected characteristic. Concorde Career Colleges offer short career-focused programs preparing students for the healthcare industry.
Partner with organizations of all sizes and industries
Evaluate IT and security controls for compliance and effectiveness
Advise on security + privacy requirements (state & federal)
Clark Schaefer Hackett provides customized solutions leveraging strategic skills, financial and operational leadership, and technological advances. They are an elite community that includes trusted advisors with Clark Schaefer Hackett, Clark Schaefer Consulting, and Clark Schaefer Strategic HR.
Collaborate with the engineering departments to implement security controls from approved security frameworks and drive best IT practices.
Interface with internal partner teams to help drive best practices and compliance.
Evaluate and perform Risk Assessments of new software solutions with internal partners.
Judi Health is an enterprise health technology company providing a comprehensive suite of solutions for employers and health plans. They consolidate all claim administration-related workflows in one scalable, secure platform and are working with clients, rebuilding trust in healthcare in the U.S.
Manage SOC 2 Type II audits, serving as the primary point of contact for auditors and collaborators.
Coordinate HIPAA compliance assessments, including risk analyses, policy reviews, and Business Associate Agreement (BAA) management.
Conduct structured gap analyses against applicable frameworks to identify control deficiencies and develop prioritized remediation roadmaps.
Rad AI is transforming healthcare with AI-driven solutions, revolutionizing radiology to save time, reduce burnout, and improve patient care. They have secured over $140M in funding and recognized as a fast-growing company, fostering transparency, inclusion, and close collaboration.
Manage and improve the Information Security Management System.
Maintain compliance with key frameworks and certifications.
Translate regulatory requirements into technical controls.
Jobgether uses an AI-powered matching process to ensure applications are reviewed quickly, objectively, and fairly against the role's core requirements. Their system identifies the top-fitting candidates, and this shortlist is then shared directly with the hiring company.
Maintain documentation for ISO/IEC 27001 & ISO/IEC 42001; improve activities.
Extract security requirements from client MSAs; identify gaps and risks.
Coordinate internal and client audit requests; collect evidence.
Avalere Health's mission is to ensure every patient is identified, treated, supported, and cared for. They bring Advisory, Medical, and Marketing teams together to forge unconventional connections, building a future where healthcare is not a barrier and no patient is left behind.
Provide SA/OSA subject matter expertise to the Information System Security and Authorization program.
Review ATO packages under the RMF for customer systems and the systems of the external partners.
Coordinate and assist with data calls and data collection efforts for audit and compliance reporting.
SkyePoint Decisions is a leading Cybersecurity Architecture and Engineering, Critical Infrastructure and Operations, and Applications Development and Maintenance IT service provider. With operations across the U.S., they deliver innovative enterprise-wide solutions and targeted services to federal government clients. They value their people and systems to create value for their clients and foster a collaborative team culture.
Own and evolve the GRC program in partnership with Legal and our CCO.
Develop, maintain, and enforce clear, practical security policies across all departments.
Develop and execute a comprehensive information security roadmap aligned with business objectives.
Allocate is a fintech company handling sensitive investor data and financial transactions. They are a rapidly growing organization that values client service, relentless problem-solving, and continuous improvement.
Monitor and validate Kubernetes and data lake deployments for compliance.
Maintain continuous monitoring dashboards and conduct vulnerability scans.
Prepare and update system security documentation.
Founded in 1989, SOSi is among the largest private, founder-owned technology and services integrators in the defense and government services industry. They deliver tailored solutions, tested leadership, and trusted results to enable national security missions worldwide.
Own our SOC 2 Type 2 and HIPAA compliance programs.
Own IT operations end-to-end, from onboarding to offboarding.
Counterpart helps small businesses do more with less risk. They pair leading insurance experts with cutting-edge technology to empower small business owners to grow with confidence.
Lead the technical design, implementation, and ongoing security operations of a Microsoft 365 GCC High environment supporting Controlled Unclassified Information (CUI).
Implement and evidence compliance with CMMC Level 2, DFARS 7012, and NIST 800-171 controls.
Act as the technical owner of the GCC High enclave, partnering with Security, Legal, and IT to ensure audit readiness and successful certification by May 2026.
ServiceNow, founded in 2004, is a global market leader providing AI-enhanced technology to over 8,100 customers, including 85% of the Fortune 500. They offer an intelligent cloud-based platform that connects people, systems, and processes to empower organizations to find smarter, faster, and better ways to work.
Drive adoption of a Secure Software Development Lifecycle (SSDLC) across engineering teams.
Implement and integrate application security tooling into CI/CD pipelines, improving vulnerability detection and remediation.
Establish consistent threat modelling and secure design practices across new features and products.
Neko Health's mission is to deliver proactive healthcare for all, empowering members to take control of their health via technology and compassionate care. They have nearly 100 full-time engineers working across Berlin, Chamonix, Hamburg, Lisbon, Marseille, Vilnius, and Stockholm and they support a flexible workplace that prioritizes work-life balance.
Support and execute security incident response activities.
Operate and improve enterprise security controls and tooling.
Coordinate security investigations with DevOps, IT, and Engineering teams.
Keeper Security transforms cybersecurity for organizations around the world with next-generation privileged access management. Keeper’s zero-trust and zero-knowledge cybersecurity solutions are FedRAMP and GovRAMP Authorized, FIPS 140-2 validated, as well as SOC 2 and ISO 27001 certified.
Own and lead the FedRAMP High authorization program.
Serve as the primary point of accountability for government compliance programs.
Manage compliance roadmaps, milestones, dependencies, risks, and remediation efforts.
Commvault is the gold standard in cyber resilience. The company empowers customers to uncover, take action, and rapidly recover from cyberattacks – keeping data safe and businesses resilient. For over 25 years, more than 100,000 organizations and a vast partner ecosystem have relied on Commvault to reduce risks, improve governance, and do more with data.