Source Job

$125,000–$140,000/yr
US

  • Collaborate with the engineering departments to implement security controls from approved security frameworks and drive best IT practices.
  • Interface with internal partner teams to help drive best practices and compliance.
  • Evaluate and perform Risk Assessments of new software solutions with internal partners.

IT Security Compliance Risk Assessment Auditing HIPAA

20 jobs similar to ITSC Security Analyst

Jobs ranked by similarity.

4w paternity

  • Oversee third-party and internal risk assessments to support enterprise information security and governance, risk, and compliance (GRC) initiatives.
  • Manage vendor due diligence, maintain an accurate risk register, and partner with internal stakeholders on mitigation strategies.
  • Drive continuous improvement of the risk and compliance framework.

Concorde Career Colleges is committed to a policy of Equal Employment Opportunity and will not discriminate against an applicant or employee based on race, color, religion, religious creed, national origin, ancestry, sex, age, veteran or military status, or any other legally protected characteristic. Concorde Career Colleges offer short career-focused programs preparing students for the healthcare industry.

US

  • Support the development, implementation, and maintenance of IT compliance policies, standards, procedures, and controls.
  • Coordinate and support internal and external audits, including preparation of documentation, evidence collection, and remediation tracking.
  • Perform periodic compliance assessments, gap analyses, and risk assessments against applicable frameworks and standards.

Xcelerate Solutions, founded in 2009 and located in McLean, VA, is a fast-growing company. The company is defined by a diversified workforce of dynamic and versatile professionals, with growth and development opportunities that contribute to individual and firm growth.

Global

  • Lead audit readiness and execution for SOC 2, ISO 27001, PCI DSS, and other compliance frameworks relevant to our customer base
  • Manage the compliance lifecycle in a compliance platform (such as Vanta, Drata, etc.) including evidence collection, control mapping, and continuous monitoring
  • Coordinate cross-functional audit activities with engineering, product, security, infrastructure, and support teams to gather evidence and remediate findings

Supabase is a born-remote and open-source-first company that provides tools developers love. They have 180+ team members across 40+ countries, and deeply believe in the open-source ecosystem and strive to support existing tools and communities.

$115,000–$150,000/yr
US

  • Lead end-to-end audits: Scope, plan, and execute risk-based IT audits; develop work programs.
  • Operate in rapidly evolving technology domains: Perform audits in rapidly evolving areas including cybersecurity and cloud architecture.
  • Drive remediation & improvement: Quantify risks, identify root causes, and recommend realistic improvements to processes and controls.

CDK Global is a leading provider of cloud-based software to dealerships and Original Equipment Manufacturers (“OEMs”) across automotive and related industries. Their cloud-based, software as a service (“SaaS”) platform enables dealerships to manage their end-to-end business operations. They are committed to creating an inclusive workforce where everyone is valued and considered an Equal Opportunity Employer.

US

  • Partner with engineering to drive technical implementation of controls throughout the product and infrastructure
  • Design, implement, and continuously improve security controls across AWS infrastructure and application architecture
  • Enhance and tune monitoring and detection capabilities in support of customer security and incident response capabilities

AlertMedia helps organizations protect their people and businesses through all phases of an emergency. Their award-winning threat intelligence, emergency communication, and travel risk management solutions help companies of all sizes identify, respond to, and recover from critical events faster and more confidently. They support essential communication for thousands of leading businesses in more than 150 countries.

US

  • Develops and refines performance methodologies that support the cybersecurity requirements.
  • Oversee independent assessments and review Security Impact Analyses (SIA).
  • Incorporate compliance data into the Governance, Risk, and Compliance Tool (GRCT).

SkyePoint Decisions is a leading Cybersecurity Architecture and Engineering, Critical Infrastructure and Operations, and Applications Development and Maintenance IT service provider. It is an established ISO 9001:2015 and ISO/IEC 27001:2013 certified small business and appraised at CMMI Level 3 for Services and Development.

US

  • Assess and improve client security and IT controls.
  • Develop policies, processes, and risk assessments aligned to top frameworks like NIST, ISO 27001, and SOC 2.
  • Translate technical and regulatory requirements into clear, actionable steps for our clients.

Hotman Group is a rapidly growing boutique firm redefining cybersecurity and GRC. They help business leaders earn and keep customer trust through expert guidance and a commitment to quality, fostering a collaborative environment where every voice matters.

Global

  • Lead and manage SOC 1 and SOC 2 examinations under AICPA standards.
  • Support end-to-end SOX planning and execution, including IT system scoping.
  • Act as a trusted advisor to Security, IT, Infrastructure, Engineering, Data, and Finance teams.

Kraken is a mission-focused company rooted in crypto values. They are committed to accelerating the global adoption of crypto, so that everyone can achieve financial freedom and inclusion. As a fully remote company, they have Krakenites in 70+ countries who speak over 50 languages.

$100,000–$130,000/yr
US

  • Liaise with the SOX Testing team and key stakeholders to ensure Flywire’s overall compliance with SOX requirements.
  • Drive efforts to improve SOX IT scoping strategies and develop a comprehensive understanding of applicable IT and business processes.
  • Evaluate and track reported control deficiencies, root causes, and planned corrective actions in conjunction with IT and business process owners.

Flywire is a global payments enablement and software company that helps clients get paid and their customers pay with ease. With over 1,200 global FlyMates, representing more than 40 nationalities, they are looking for FlyMates to join the next stage of their journey as they continue to grow.

Latin America

  • Execute IT audit engagements, including audit planning, risk assessment, testing, documentation, and reporting.
  • Provide technical expertise on mainframes, privileged access management, system configuration, and resiliency.
  • Advise on security and compliance issues, including access control frameworks, audit logging, traceability, and cybersecurity fundamentals.

Jobgether uses an AI-powered matching process to ensure applications are reviewed quickly, objectively, and fairly. They identify the top-fitting candidates and share the shortlist with the hiring company.

$162,000–$230,000/yr
US

  • Own and operate compliance programs such as SOC 2, ISO 27001, ISO 27701, HIPAA, and TISAX.
  • Lead and manage internal, external, and customer audits end-to-end.
  • Track, remediate, and validate 100% of audit findings within agreed SLAs.

Airtable is the no-code app platform that empowers people closest to the work to accelerate their most critical business processes. More than 500,000 organizations rely on Airtable to transform how work gets done and they strive to create a workplace where everyone has an equal opportunity to thrive.

$0–$155,000/yr
Global Unlimited PTO

  • Corporate IT and employee enablement
  • SaaS application and access management
  • Execution and monitoring of SOC 2, HIPAA, and HITRUST compliance (using Vanta)

9amHealth is a specialized cardiometabolic care company that provides custom care plans, prescription medications, and expert guidance to help members live healthier. Backed by 7Wire Ventures, Human Capital, Founders Fund, and others, with a total funding of 25 million dollars, they are on a growth trajectory to achieve a more connected care approach for cardiometabolic health.

US 2w PTO

  • Manage certification frameworks, including CMMC, NIST, and SOC 2.
  • Develop, track, and maintain security and compliance policy documents.
  • Analyze and review system configurations for security vulnerabilities.

Rubris Inc. provides transformational legal technology and solutions for complex business and legal processes in the mass tort industry. They streamline and automate processes to improve efficiency while delivering unprecedented insights and analytics.

US 4w PTO

  • Manage inbound security questionnaires from partner physician practices.
  • Lead security evaluations for Aledade’s vendors and analyze SOC 2 reports.
  • Maintain and optimize our security response repository and identify bottlenecks.

Aledade empowers independent primary care, becoming the largest network of its kind in the US. The company fosters a collaborative, inclusive, and remote-first culture, aiming to improve healthcare for patients, practices, and society.

  • Lead security governance, risk management, and compliance efforts.
  • Oversee security operations and incident response.
  • Partner with IT, Clinical Operations, Privacy, and Compliance to ensure regulatory requirements and industry frameworks are met.

Tuesday Health is a value-based palliative care provider group dedicated to transforming serious illness and end-of-life care. Through their leading-edge care model, Tuesday Health is shaping the future of community-based palliative care nationwide.

US

  • Provide SA/OSA subject matter expertise to the Information System Security and Authorization program.
  • Review ATO packages under the RMF for customer systems and the systems of the external partners.
  • Coordinate and assist with data calls and data collection efforts for audit and compliance reporting.

SkyePoint Decisions is a leading Cybersecurity Architecture and Engineering, Critical Infrastructure and Operations, and Applications Development and Maintenance IT service provider. With operations across the U.S., they deliver innovative enterprise-wide solutions and targeted services to federal government clients. They value their people and systems to create value for their clients and foster a collaborative team culture.

US 5w PTO

  • Seek out opportunities to evangelize AuditBoard’s value to partners.
  • Lead compelling demonstrations and training of AuditBoard’s IT Risk and Compliance (ITRC) solutions to AuditBoard’s strategic partners, tailored to a partner’s GTM approach.
  • Maintain accurate mapping of partners’ field teams, penetration rates across our practice lines, and identify opportunities to increase our footprint.

AuditBoard is the leading audit, risk, ESG, and InfoSec platform on the market, surpassing $300M ARR and continuing to grow. More than 50% of the Fortune 500 leverage their award-winning technology to move their businesses forward with greater clarity and agility. They are one of the 500 fastest-growing tech companies in North America.

$140,000–$175,000/yr
US 3w PTO

  • Drive and enable proactive identification, analysis, and remediation of security vulnerabilities.
  • Respond to and manage pen testing and bug bounty programs.
  • Work in partnership with Software Architecture, Risk/Compliance, the SRE team, and other partners, to integrate security capabilities into the SDLC.

Subsplash builds The Ultimate Engagement Platform™ for churches, Christian ministries, non-profits, and businesses around the world. They are a family-owned and operated company of 290+ mission-driven people.

US

  • Support and execute security incident response activities.
  • Operate and improve enterprise security controls and tooling.
  • Coordinate security investigations with DevOps, IT, and Engineering teams.

Keeper Security transforms cybersecurity for organizations around the world with next-generation privileged access management. Keeper’s zero-trust and zero-knowledge cybersecurity solutions are FedRAMP and GovRAMP Authorized, FIPS 140-2 validated, as well as SOC 2 and ISO 27001 certified.

Canada

  • You will review, challenge, and strengthen our systems, act as the security authority within engineering, define guardrails, and drive remediation when risks arise.
  • Operating independently, you’ll build the structure and standards needed as we scale.
  • Your mission is to own the company-wide security strategy and architecture, ensure CIRO and SOC 2 alignment, and embed strong security practices across infrastructure, applications, and internal systems, while enabling engineering velocity.

Newton is changing how Canadians trade crypto, with the goal to make financial freedom something everyone can achieve by giving customers the tools and knowledge they need to navigate the crypto world. At Newton, you'll work with a remote team spread across Canada.