About the role
What You'll Do:
• Review and evaluate cybersecurity governance frameworks, policies, standards, and procedures
• Assess compliance with regulatory and industry standards such as:
  • GDPR, HIPAA, SOC 2
  • NIST Cybersecurity Framework (CSF)
  • NIST SP 800-53
  • ISO/IEC 27001
  • Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM)
• Apply maturity models (e.g., NIST CSF, CMMI) to establish a current-state baseline
• Conduct interviews with compliance stakeholders and business leaders
• Perform detailed document reviews (policies, procedures, audit reports)
• Evaluate AWS governance processes and controls in regulated environments
• Identify gaps in governance, risk management, and compliance capabilities
• Develop actionable recommendations to improve governance structure and compliance posture
What You've Done:
• Hands-on experience with regulatory frameworks and with running audit/assessment processes
• Deep expertise in NIST, ISO, CSA CCM, and federal compliance frameworks
Core Certifications:
• CISSP – broad coverage across governance, risk, and controls
• CISM (Certified Information Security Manager) – governance and program oversight focus
• CRISC (Certified in Risk and Information Systems Control) – risk management emphasis
Compliance-Specific:
• CISA (Certified Information Systems Auditor)
• ISO/IEC 27001 Lead Implementer or Lead Auditor
• CCSK (Certificate of Cloud Security Knowledge)
Clearance Requirement:
• Active TS/SCI with SCI Polygraph (or eligible)
Benefits:
• 401(k), including an employer match of 100% of the first 3% contributed and 50% of the next 2% contributed
• Medical, Dental, and Vision Insurance (available on the 1st day of the month following your first day of employment)
• Group Term Life, Short-Term Disability, Long-Term Disability
• Voluntary Life, Hospital Indemnity, Accident, and/or Critical Illness
• Participation in the Discretionary Time Off (DTO) Program
• 11 Paid Holidays Annually