Support, maintain, and enhance compliance programs aligned to NIST, SOX ITGC controls, CMMC, ISO 27001, and PCI DSS
Participate in readiness assessments, gap analyses, and control audits
Coordinate documentation, evidence collection, and control testing for audits and certifications
Contribute to creation, maintenance, and review of security policies, standards, and procedures
Conduct and document periodic risk assessments to identify security risks and support mitigation activities
Ensure documentation aligns with regulatory and framework requirements
Execute internal control testing, including design and operating effectiveness assessments
Partner with internal and external auditors for audit activities
Track remediation activities for compliance gaps and audit findings
Monitor compliance control performance and identify improvement opportunities
Assist in developing metrics and dashboards for compliance and risk
Support third party vendor security reviews including compliance assessments
Prepare detailed reports on security breaches, including root cause analysis and recommendations for remediation
Work with IT, Legal, Finance, Engineering, and Operations on compliance obligations
Provide subject matter expertise on regulatory and security frameworks
Assist with onboarding and training employees on security compliance responsibilities
Develop, maintain and deliver security compliance training programs tailored to regulatory obligations
Promote awareness of security policies, standards, and compliance requirements across the organization
Collaborate with HR, IT and Communication teams to coordinate annual and ad-hoc training campaigns
Track and report on training completion, adoption and effectiveness to ensure organizational security awareness
Support continuous improvement of the security awareness program by analyzing trends, user behavior and any compliance gaps
Other duties as assigned

Requirements

Bachelor’s Degree in Information Security, Information Technology, Computer Science, or equivalent practical experience
Formal schooling or experience deploying a broad set of cybersecurity technologies and programs including SOC, NAC, SIEM, CASB, PKI, IDS, IPS, PCI, ISO, DLP, UTM, UEBA, CEH, SSCP, and OWASP Top 10 / secure coding best practices
3+ years of experience in information security across: security operations, vulnerability management, incident response, governance/risk/compliance, or cloud/application security
Strong analytical, documentation, and communication skills

Benefits

📊 Check your resume score for this job Improve your chances of getting an interview by checking your resume score before you apply. Check Resume Score

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

NISTSOX ITGC controlsCMMCISO 27001PCI DSSSOCNACSIEMDLPOWASP Top 10

Soft Skills

analytical skillsdocumentation skillscommunication skills

Certifications

CEHSSCP