Conduct gap assessments against CMMC/NIST SP 800-171 requirements
Assist with the development of and updates to the System Security Plan (SSP) and POA&M
Broadway Ventures transforms challenges into opportunities with expert program management, cutting-edge technology, and innovative consulting solutions. As an 8(a), HUBZone, and Service-Disabled Veteran-Owned Small Business (SDVOSB), they empower government and private sector clients by delivering tailored solutions that drive operational success, sustainability, and growth.
Manage the company's technology infrastructure, including cloud services, networking, and internal application stack.
Develop and execute the long-term IT roadmap to support Zócalo Health’s rapid growth and scalability.
Own and lead the HITRUST certification program, including control implementation, documentation, and audit readiness.
Zócalo Health is a tech-enabled, community-oriented primary care organization serving people who have historically been underserved by the healthcare system. Founded in 2021, Zócalo Health is backed by leading healthcare and mission-aligned investors and is scaling rapidly across states and populations.
Implement and maintain enterprise security tooling and approved configuration baselines across endpoints, browsers, SaaS platforms, and identity systems.
Partner with Corporate Security Engineering leadership and Vulnerability Management to ensure configuration controls and remediation efforts are aligned, measurable, and enforceable.
Continuously improve security configurations by reducing drift, expanding automation, and strengthening documentation and evidence collection to support audit readiness.
Onebrief provides collaboration and AI-powered workflow software specifically for military staffs, enhancing their speed, intelligence, and efficiency. It's a remote-first company with a team of veterans and technologists, valued at $2.15B, backed by top-tier investors.
Own our SOC 2 Type 2 and HIPAA compliance programs.
Own IT operations end-to-end, from onboarding to offboarding.
Counterpart helps small businesses do more with less risk. They pair leading insurance experts with cutting-edge technology to empower small business owners to grow with confidence.
Lead, scale, and secure core IT operations in a fast-growing, court-facing organization.
Own the reliability, security, and scalability of Magna’s technology environment.
Support enterprise clients with demanding operational, security, and audit expectations.
Magna Legal Services provides end-to-end legal support services to law firms, corporations, and governmental agencies throughout the nation. As an end-to-end service provider, they can provide strategic advantages to their clients by offering legal support services at every stage of their legal proceedings.
Accelerate Onebrief’s execution of GRC programs supporting NIST RMF, FedRAMP High, CMMC, and SOC2 authorizations
Develop and manage integrated project plans for control implementation, remediation, and continuous monitoring
Coordinate cross-functional teams (Infrastructure, Engineering, Product) to ensure timely delivery of compliance requirements
Onebrief provides collaboration and AI-powered workflow software designed specifically for military staffs, aiming to make them faster, smarter, and more efficient. Valued at $2.15B, the company has raised $320m+ from top-tier investors and operates as an all-remote company.
Own the strategy and maturity roadmap for corporate security engineering and operations.
Manage and develop System Security Engineers and Security Operations Analysts.
Strengthen configuration enforcement, vulnerability remediation, monitoring quality, and detection coverage.
Onebrief is collaboration and AI-powered workflow software designed specifically for military staffs. Founded in 2019, Onebrief today has a team spanning veterans from all forces and global organizations, and technologists from leading-edge software companies.
IFS is a billion-dollar revenue company with 7000+ employees on all continents. Their leading AI technology is the backbone of their award-winning enterprise software solutions, enabling customers to be their best when it really matters–at the Moment of Service™.
Enhances the strategic pillars of a security compliance program and facilitates day-to-day compliance operations.
Involved in multiple areas of the business where compliance and security impact operations.
Works on assignments that are complex and require professional skepticism, judgment, initiative, and knowledge of SaaS Company positions.
Optro is the leading audit, risk, ESG, and InfoSec platform on the market, surpassing $300M ARR and continuing to grow. More than 50% of the Fortune 500 leverage their award-winning technology. They inspire each other to innovate and are proud of what they are producing.
Support client engagements related to CMMC readiness, implementation, and documentation
Develop, update, and maintain System Security Plans (SSPs)
Assist with NIST SP 800-171, NIST SP 800-53, and FedRAMP documentation, control mapping, and related deliverables
Hotman Group is a remote boutique cybersecurity and GRC firm supporting clients across a range of industries and compliance needs. They value strong writing, quality work, collaboration, sound judgment, and practical execution.
Manage and develop staff members under Product Compliance.
Oversee and contribute to the vulnerability management lifecycle.
Assess and serve as a subject matter expert for regulatory and compliance requirements.
ExtraHop is a company that focuses on network detection and response (NDR) to help organizations stay ahead of emerging threats. They integrate network threat detection, network performance management, intrusion detection, and packet forensics into a single console.
Own enterprise security, cloud, and application security, and corporate IT.
Lead security engineering, security operations, and corporate IT.
Partner closely with Engineering, Platform, and Operations to embed security and reliability into how Redox builds and runs software.
Redox aims to accelerate healthcare’s transformation with useful data. Redox Engine connects and powers real-time healthcare data exchange across a network of 12,000+ systems and organizations.
Own and evolve MHN’s enterprise security strategy aligned with business goals and healthcare regulatory requirements.
Lead security architecture and controls within Microsoft Azure, including identity and access management, network security, encryption, logging, and monitoring.
Develop and oversee security risk assessments, threat modeling, and vulnerability management programs.
Medical Home Network (MHN) partners with Federally Qualified Health Centers (FQHCs) nationwide to transform care in the safety net, reduce health disparities, and build healthier communities. It is a mission-driven public benefit corporation that helps FQHCs succeed in value-based care through technology, care model innovation, and strong partnerships.
In collaboration, develop and maintain the Security Architecture roadmap that preserves a strong security posture and aligns with corporate objectives.
Lead the development and implementation of automation for established and new security processes to increase operational efficiency and reduce manual intervention.
Develop the architectural framework for the secure deployment of AI, designing foundational layers for Model Security, Data Privacy, and Autonomous Agent orchestration.
Bestow is a leading vertical technology platform serving some of the largest and most innovative life insurers. Their platform unifies the fragmented, legacy value chain, enabling carriers to launch products in weeks instead of years.
Oversee the internal cybersecurity program, road map, and strategy.
Partner with Product, Engineering, Legal, and Compliance leadership to determine risks and deploy risk management processes.
Serve as Waymark’s HIPAA Security Officer, ensuring compliance with the HIPAA Security Rule.
Waymark is a mission-driven team transforming care for people with Medicaid benefits. They partner with communities, delivering technology-enabled, human-centered support to help patients stay healthy and thrive in Medicaid healthcare delivery.
Partner with organizations of all sizes and industries
Evaluate IT and security controls for compliance and effectiveness
Advise on security + privacy requirements (state & federal)
Clark Schaefer Hackett provides customized solutions leveraging strategic skills, financial and operational leadership, and technological advances. They are an elite community that includes trusted advisors with Clark Schaefer Hackett, Clark Schaefer Consulting, and Clark Schaefer Strategic HR.
Own the strategy and execution for the Cloudflare ecosystem to secure the network edge.
Lead the design of security controls within Google Cloud Platform, specifically for Vertex AI, BigQuery, VPC Service Controls, IAM, and Security Command Center.
Embed security into CI/CD pipelines (Cloud Build, GitHub Actions) using Infrastructure as Code (Terraform).
Kareo and PatientPop joined forces to become Tebra, the digital backbone for practice well-being, helping independent practices bring modernized care to patients everywhere. Well over 100,000 providers trust them to elevate their patient experience and grow their practice.
Own end-to-end operational delivery for Keeper’s U.S. Federal deployments.
Serve as a hands-on technical lead for federal platform operations.
Lead cross-functional execution to align Engineering, Security, Product, QA, and Customer Success.
Keeper Security transforms cybersecurity for organizations globally with zero-trust privileged access management. Keeper’s intuitive solutions are built with end-to-end encryption and trusted by federal agencies including the Departments of Justice and Energy.
Own and oversee operation of multiple on-prem datacenters, manage cloud (Azure and AWS) infrastructure for corporate workloads ensuring performance, reliability, and scalability.
Lead administration, optimization, and ongoing development of core internal systems, including Microsoft Dynamics CRM.
Strengthen and maintain the company’s security posture across infrastructure, endpoints, identity, and data.
BCC Software is the leading postal and presort software solutions provider. With over 45 years of industry experience, they are dedicated to ensuring that all of their software products and marketing solutions are always ahead of the curve and compliant with the latest USPS® regulations.
Manage SOC 2 Type II audits, serving as the primary point of contact for auditors and collaborators.
Coordinate HIPAA compliance assessments, including risk analyses, policy reviews, and Business Associate Agreement (BAA) management.
Conduct structured gap analyses against applicable frameworks to identify control deficiencies and develop prioritized remediation roadmaps.
Rad AI is transforming healthcare with AI-driven solutions, revolutionizing radiology to save time, reduce burnout, and improve patient care. They have secured over $140M in funding and are recognized as a fast-growing company, fostering transparency, inclusion, and close collaboration.