Key skills
Cyber SecurityLeadershipRisk ManagementCommunicationCollaboration
About this role
Role Overview
- Serve as the primary compliance and governance contact for assigned MSP and MSSP clients.
- Guide clients through compliance readiness efforts, including planning, documentation, policy development, evidence preparation, and auditor-facing coordination.
- Own the onboarding and ongoing service experience for compliance-focused MSSP clients.
- Prepare and deliver compliance-focused security QBRs, cadence calls, and client status updates.
- Write, update, and maintain Written Information Security Programs, security policies, governance documentation, and related client-facing materials.
- Help scope, coordinate, and manage compliance and security projects to ensure work is scheduled, communicated, and delivered on time.
- Support Microsoft Purview, data governance, sensitivity labeling, and Bronze/Silver/Gold data classification initiatives for Endsight and its clients.
- Advise internal leaders on compliance, governance, data protection, and risk management needs.
- Coordinate with security analysts, Client Strategy Managers (CSMs), consultants, leadership, and client stakeholders to keep compliance work moving.
- Participate in customized cybersecurity awareness training efforts for clients.
- Support the security team's shared SOC alert and on-call process by assisting with initial triage and communication when needed. This is not a hands-on technical support role.
Requirements
- Bachelor's degree and 6+ years of relevant experience, or 10+ years of IT, cybersecurity, compliance, or governance experience in lieu of a degree.
- Experience advising clients or internal stakeholders on security governance, compliance readiness, and risk management.
- Working knowledge of compliance and security frameworks such as NIST, CIS Controls, SOC 2, ISO 27001, HIPAA, and/or CMMC.
- Minimum 2 years of experience with Microsoft Purview, including data governance, sensitivity labeling, information protection, or related Microsoft 365 compliance capabilities.
- SC-401 passed within three months of hire or previously attained. Endsight will pay for training and exams if not previously completed.
- CCP certification within six months of hire or previously attained. Endsight will pay for training and exams if not previously completed.
- Strong technical writing skills, including the ability to create policies, security program documentation, status reports, and executive/client-facing communications.
- Excellent communication, organization, collaboration, and follow-through.
- Ability to manage competing demands across clients, internal teams, and leadership priorities.
- Strong attention to detail.
- Ability to work independently in a remote environment.
- Self-motivated, proactive, and comfortable moving work forward without constant direction.
- U.S. citizenship.
- Current CCP and Microsoft SC-401 certification.
- CISA, CISM, CISSP, or similar governance, risk, compliance, or security certification.
- Experience in an MSP, MSSP, consulting, or client-facing security services environment.
- Experience supporting clients through CMMC, ISO 27001, HIPAA, SOC 2, or other regulated compliance efforts.
- Familiarity with security QBRs, client roadmaps, compliance reporting, and executive-level risk communication.
- Ability to turn complex requirements into practical plans, visuals, summaries, and client-ready explanations.
- Strong analytical and problem-solving skills.
- Genuine curiosity for cybersecurity, governance, and continuous improvement.
Tech Stack
- Cyber Security
Benefits
- Medical: Company pays 100% of the base plan for the employee and family
- Dental & Vision
- 401(k) with employer matching
- Accrued Paid Time Off
- 9 Paid Holidays
- Career Pathing