Source Job

US

  • Execute and enhance governance, risk, and compliance operations for Socure's public sector business, managing vulnerability remediation and audit readiness.
  • Coordinate external assessments, maintain FedRAMP/GovRAMP documentation, and automate evidence collection to meet rigorous framework standards.
  • Design automation-first continuous monitoring programs, lead vulnerability management, and serve as a security subject matter expert for public sector sales activities.

Cybersecurity Vulnerability Management

20 jobs similar to Analyst, GRC – Public Sector

Jobs ranked by similarity.

Global

  • Accelerate Onebrief’s execution of GRC programs supporting NIST RMF, FedRAMP High, CMMC, and SOC2 authorizations
  • Develop and manage integrated project plans for control implementation, remediation, and continuous monitoring
  • Coordinate cross-functional teams (Infrastructure, Engineering, Product) to ensure timely delivery of compliance requirements

Onebrief provides collaboration and AI-powered workflow software designed specifically for military staffs, aiming to make them faster, smarter, and more efficient. Valued at $2.15B, the company has raised $320m+ from top-tier investors and operates as an all-remote company.

US

  • Apply compliance frameworks to assess, design, and implement security controls.
  • Conduct compliance gap assessments and develop remediation plans.
  • Create and maintain key documentation tailored to client needs.

AHEAD builds platforms for digital business by weaving together advances in cloud infrastructure, automation and analytics, and software delivery. They prioritize creating a culture of belonging where all perspectives and voices are represented, valued, respected, and heard.

US 4w PTO 12w maternity 12w paternity

  • Build and scale the enterprise GRC program, including risk management, compliance, and policy frameworks.
  • Lead compliance certification programs like SOC 2, HIPAA, and HITRUST, managing audit preparedness and execution.
  • Oversee GRC platforms and control monitoring while developing policies aligned with frameworks such as NIST and ISO 27001.

Aledade is a public benefit corporation that empowers independent primary care practices to thrive in value-based care by creating value-based contracts across various health plans. The company is the largest network of independent primary care in the country, featuring a collaborative, inclusive, remote-first culture driven by a shared passion for public health.

North America Europe Unlimited PTO

  • Lead Craft’s FedRAMP readiness program — defining the roadmap, owning the ATO timeline, and driving execution across engineering and security stakeholders.
  • Design and implement AWS GovCloud architecture that meets FedRAMP Moderate and High requirements.
  • Translate NIST 800-53 Rev. 5 controls into concrete, auditable, and continuously enforced technical implementations — not just documentation.

Craft is the leader in supplier risk intelligence, enabling enterprises to discover, evaluate, and continuously monitor their suppliers at scale. They are a post-Series B high-growth technology company backed by top-tier investors in Silicon Valley and Europe, headquartered in San Francisco with hubs in Seattle and Warsaw.

Global

  • Develop, maintain, and continuously improve GRC policies, standards, procedures, and control frameworks.
  • Lead and support SOC 2 Type II, ISO 27001, PCI DSS and other compliance initiatives, including evidence collection, control validation, and remediation tracking.
  • Partner with Security and Platform teams to ensure controls are technically implemented, not just documented.

HighLevel is an AI-powered, all-in-one white-label sales & marketing platform that empowers agencies, entrepreneurs, and businesses to elevate their digital presence and drive growth. With over 1,500 team members across 15+ countries, we operate in a global, remote-first environment.

$146,000–$234,000/yr
US

  • Own all cybersecurity operations for assigned workstream: SIEM/EDR, identity and access management, vulnerability remediation, patching, and security monitoring.
  • Manage ATO packages and lead system accreditation efforts across mission and enterprise systems, ensuring compliance with RMF, FISMA, and customer-specific controls.
  • Ensure CMS modernization efforts incorporate required cyber controls, audit readiness, and DCSA/DHS security expectations.

Peraton is a next-generation national security company that drives missions of consequence spanning the globe. As a mission capability integrator and transformative enterprise IT provider, they deliver trusted, highly differentiated solutions and technologies to protect our nation and allies.

$151,000–$170,000/yr
Global Unlimited PTO 11w maternity

  • As the first dedicated InfoSec hire, you'll secure organizational systems, data, and operations.
  • You will develop and maintain a practical framework for securely deploying AI tools across the organization.
  • You will lead security incident response, investigate alerts, and coordinate containment.

Customer.io's platform is used by over 8,000 companies to send billions of messages daily. They power automated communication and help teams send smarter messages using real-time behavioral data, operating as a globally distributed, remote-first company.

US

  • Own and manage the organization’s enterprise certification frameworks.
  • Develop and maintain policies and procedures supporting certification frameworks.
  • Support proposal teams by validating and documenting certification compliance.

Lynker Corporation is a leading provider of innovative solutions in weather and climate science. They leverage cutting-edge technologies and scientific expertise to support improved operational weather forecasts. Lynker is a growing, employee-owned business specializing in professional, scientific, and technical services with a team-oriented work environment.

US

  • Deliver technical demonstrations of Tenable’s platform products.
  • Support evaluations and assist with enterprise software trials.
  • Help customers address their challenges with security and compliance insights.

Tenable is the Exposure Management company. 44,000 organizations around the globe rely on Tenable to understand and reduce cyber risk.

$80,000–$120,000/yr
US

  • Execute end-to-end third-party and vendor risk assessments.
  • Develop, maintain, and enhance risk metrics, dashboards, and reporting.
  • Assist with additional GRC activities as needed, including policy management, risk assessments, control testing, and compliance initiatives.

Aprio is a Top 20 CPA and advisory firm that accounts for anything. With over 3,200 team members and 40 U.S. office locations, plus international offices, they bring proven expertise and strategic foresight to fast-growing industries.

Global

  • Track and drive audit partners through the onboarding and enablement lifecycle; maintain internal trackers and coordinate across teams.
  • Keep the auditor directory accurate and current; verify accreditation status and update partner profiles.
  • Assist the SME in mapping audit evidence requirements to platform capabilities; prepare reference data and document findings.

Sprinto is an AI-native GRC platform that helps organizations manage risks, audits, vendor oversight, and continuous monitoring from a single connected platform. With a team of 350+ employees serving 3,000+ customers across 75+ countries, they combine scale with expertise to deliver trust and compliance.

US

  • Serve as the central point of contact for the Government’s Contracting Officer.
  • Lead overall contract governance, risk management, staffing oversight, and performance execution.
  • Ensure compliance with government regulatory cybersecurity requirements.

Electrosoft Services, Inc. provides technology-based solutions and services to federal customers. They focus on cybersecurity, ICAM, enterprise IT modernization, and software solutions and retain qualified employees while offering meaningful work, growth opportunities, and work-life balance.

UK

  • Own and maintain security and compliance documentation, including policies and procedures.
  • Support commercial teams in complex information security and compliance negotiations.
  • Manage ISO 27001 compliance, certification maintenance, and audit preparations.

Gearset handles Salesforce DevOps for some of the world's largest companies. The company operates with a modern approach to security and compliance in a growing, ambitious environment.

Poland

  • Safeguard assets and global reputation, acting as a strategic partner.
  • Lead risk mitigation strategies and ensure compliance with global standards.
  • Develop a world-class GRC program that aligns with strategic goals.

EcoVadis is the leading provider of business sustainability ratings. Their solutions are backed by an international team of experts and powerful technology. They analyze data and build sustainability scorecards that give companies actionable insights into their environmental, social and ethical risks.

Global

  • Implement and maintain enterprise security tooling and approved configuration baselines across endpoints, browsers, SaaS platforms, and identity systems.
  • Partner with Corporate Security Engineering leadership and Vulnerability Management to ensure configuration controls and remediation efforts are aligned, measurable, and enforceable.
  • Continuously improve security configurations by reducing drift, expanding automation, and strengthening documentation and evidence collection to support audit readiness.

Onebrief provides collaboration and AI-powered workflow software specifically for military staffs, enhancing their speed, intelligence, and efficiency. It's a remote-first company with a team of veterans and technologists, valued at $2.15B, backed by top-tier investors.

$65,000–$85,000/yr
US

  • Collaborate with business leadership, Legal, Procurement, and Cyber to review terms and conditions, ensuring vendor and client obligations align with internal cyber controls.
  • Track and monitor the status and completeness of risk remediations in the risk register with business stakeholders, and educate on risks and controls.
  • Contribute to program enhancements and drive automation with IT and Cybersecurity stakeholders while maintaining a deep understanding of organizational objectives and emerging risks.

NBCUniversal is a leading media and entertainment company that creates world-class content distributed across film, television, and streaming, and operates global theme parks. It has a large workforce focused on an inclusive culture and community impact, delivering a wide range of content reflecting the world.

Global

  • Lead end-to-end PCI DSS compliance, including CDE scoping and reduction, control implementation/validation, and audit management.
  • Lead and support SOC 2 Type II attestation initiatives, including TSC mapping, evidence collection, control testing, and remediation tracking.
  • Own the Third-Party Risk Management (TPRM) program, including vendor tiering, risk assessments, and security reviews.

HighLevel is an AI-powered business operating system that gives agencies, entrepreneurs and SMBs the infrastructure to build, automate and scale. With over 2,000 team members across 10+ countries, HighLevel operates as a global, remote-first organization built for speed and ownership.

$105,000–$130,000/yr
US 3w PTO

  • Responsible for LINK’s day-to-day IT operations, cybersecurity program, and regulatory compliance posture.
  • Primary internal owner of IT governance and federal compliance, leading the organization through its Cybersecurity Maturity Model Certification (CMMC) Level 2 third-party assessment.
  • Build repeatable processes and a maturing IT infrastructure that supports LINK’s continued growth as a government contractor.

LINK is a fast-growing Woman Owned Small Business (WOSB) that leverages human-centered design to support strategy, innovation, communication, change, and branding within the federal government and adjacent industry partners. They partner with engineers, futurists, and thought leaders to untangle complexity, discover opportunity, and communicate clearly with visual stories.

US

  • Design, implement, and sustain security architecture across AWS GovCloud.
  • Execute and maintain RMF activities across all system components.
  • Implement, validate, and continuously maintain DISA STIG compliance across all infrastructure components.

Foxhole Technology provides robust cybersecurity and IT support capabilities for federal civilian and defense agencies. A recognized leader in navigating technology and security challenges, Foxhole delivers mission-focused innovations to answer evolving and complex needs.

  • Design, operate, and mature the Third-Party Risk Management program from compliance-driven to risk-based.
  • Perform technical security assessments of vendors, review SOC 2 reports, and manage remediation.
  • Support privacy operations, cyber GRC, and security enablement while advising business stakeholders.

Vuori designs athletic apparel built for fitness and everyday life, inspired by an active coastal California lifestyle. The company is a high-energy, fast-paced organization that values personal growth and success, fostering a fun and enthusiastic work environment.