Key skills
Cyber SecurityLeadershipCommunication
About this role
Role Overview
- Maintain and update information security policies, standards, and procedures in alignment with modern cybersecurity frameworks and regulatory requirements, including GovRAMP, FedRAMP, ISO 27001, PCI DSS, and SOC 2.
- Maintain System Security Plans (SSPs) to ensure system boundaries, control implementations, and control inheritance accurately reflect the current state of production systems.
- Coordinate and manage internal and external compliance assessment activities, including audit planning, audit fieldwork coordination, evidence collection and preservation, and support of audit responses.
- Manage continuous monitoring activities, including tracking, updating, and reporting Plan of Actions and Milestones (POA&Ms) to support risk remediation and security posture communication.
- Support risk assessments and control gap analyses by identifying security and compliance deficiencies and collaborating with stakeholders to define remediation approaches.
- Define, track, and report key compliance metrics to measure program effectiveness and communicate compliance posture to leadership and governance committees.
- Partner closely with engineering, operations, and production teams to ensure security requirements are documented, implemented consistently, and remain audit-ready across systems.
- Develop and maintain audit-ready evidence repositories to support repeatable, efficient compliance assessments and reduce audit cycle time.
- Provide guidance to system owners and control owners on compliance expectations, documentation standards, and control implementation requirements.
Requirements
- Bachelor’s degree in Cybersecurity, Information Security, Information Systems, or a related field (preferred), or equivalent professional experience.
- 3–5 years of experience in information security compliance, cybersecurity assurance, GRC, or a related field.
- Demonstrated experience managing System Security Plans (SSPs) and supporting documentation for enterprise systems.
- Experience supporting compliance audits and certifications, including NIST 800-53 (FedRAMP/GovRAMP), ISO 27001, PCI DSS, and/or SOC 2.
- Strong understanding of modern information security compliance frameworks and control-based security programs (e.g., NIST 800-53, ISO 27001, SOC 2).
- Ability to interpret regulatory and compliance requirements and translate them into clear, actionable documentation.
- Strong analytical, writing, and organizational skills with exceptional attention to detail.
- Ability to manage multiple compliance activities concurrently while meeting deadlines and quality expectations.
- Certifications Security+, GSEC, or equivalent certification preferred.
Tech Stack
- Cyber Security
Benefits
- Comprehensive health insurance
- Dental insurance
- Vision insurance
- Flexible Time Off
- 401(k) plan