Job Description:
• Lead and execute compliance assessments across one or more regulatory and standards frameworks, including but not limited to SOC 2 Type I/II, ISO 27001, CMMC 2.0, NIST CSF, HIPAA, PCI-DSS, and FedRAMP
• Manage multiple concurrent engagements across different clients and frameworks with minimal supervision
• Map overlapping frameworks and identify where controls satisfy multiple standards simultaneously
• Conduct qualitative and semi-quantitative risk assessments, evaluate control design effectiveness, and recommend compensating or corrective controls appropriate to client operating environments
• Draft, review, and revise information security policies, procedures, standards, and control narratives
• Support clients through external audits and certification processes, serving as the primary liaison between the client and auditors during evidence collection phases
• Contribute meaningfully to the practice's pipeline
Requirements:
• Minimum bachelor's degree in information systems, computer science, business, law, or a closely related field, or equivalent demonstrated experience
• Minimum 5 years of experience in compliance, information security, audit, or a directly related advisory function, including at least two years in a consulting or client-facing delivery role
• Demonstrated hands-on experience with at least two of the following: SOC 2, ISO 27001, CMMC 2.0, NIST CSF, HIPAA, PCI-DSS, or FedRAMP
• At least one active professional certification — CISA, CISSP, CISM, CRISC, or CCSFP are most relevant to this role
• Strong written and verbal communication skills, including the ability to convey technical findings to non-technical audiences with clarity and precision
Benefits:
• Competitive salary
• Health insurance
• Professional development opportunities
• Flexible working arrangements