About the role

Anthropic’s model weights and training infrastructure are among the highest-value targets in the technology sector, facing nation-state, supply-chain interdiction, and insider threats that conventional enterprise security programs were not built to address. As Commercial Counsel, Infrastructure Security for Compute and Infrastructure at Anthropic, you’ll be the day-to-day legal partner to the Chief Security Officer’s infrastructure-security and the Governance, Risk and Compliance teams. You will own the contractual and regulatory layer of physical and facility security, hardware and supply-chain security, network security, vendor personnel and insider-risk flow-downs, and security regulatory and assurance.

You’ll work in close partnership with Anthropic teammates in Frontier, Product, Litigation, Employment, and Commercial Legal, in addition to specialized outside counsel. You will serve as the primary legal owner ensuring security requirements are in the contract before signature and that external work product aligns with Anthropic’s security posture and commercial objectives.

Responsibilities:

• Draft and negotiate security design-basis and site-hardening specifications in build-to-suit, lease, and colo agreements (perimeter, access control, CCTV, intrusion detection); guard-force statements of work, post orders, and KPI regimes; visitor, contractor, and badging policy; and security clauses in shared-campus and multi-tenant arrangements

• Own provenance, anti-tamper, and chain-of-custody warranties in silicon, ODM, and OEM paper; trusted-supplier and country-of-origin restrictions; NDAA §889/§5949 and CHIPS-Act guardrail flow-downs; BIS/EAR advanced-computing and semiconductor export-control flow-downs and end-use/end-user certifications; firmware integrity, secure-boot, and golden-image escrow terms; secure logistics; counterfeit-part and grey-market controls; and secure decommissioning and certified media-destruction terms

• Draft security schedules in carrier and fiber agreements (encryption-in-transit, route integrity, lawful-intercept handling), and security obligations in peering agreements

• Set background-screening, training, and badge-revocation requirements for vendor and contractor personnel with site or hardware access, and flow Anthropic personnel-security standards into guard-force, security-integrator, and EPC vendor MSAs

• Support CFIUS and outbound-investment screening on infrastructure vendors and sites, provide NIST/ISO/SOC 2 physical-control evidence for customer and auditor assurance in partnership with security teams; and support security representations in customer contracts that reference physical infrastructure with Commercial Legal

• Work closely with specialized outside counsel, ensuring their work product aligns with Anthropic’s security and commercial objectives

• Build the function: develop and maintain the security-schedule library, design-basis templates, advise on vendor security questionnaire templates, and negotiation playbooks; train Procurement, Datacenter, and Network teams to apply them at scale

• Serve as direct counsel to the CSO’s infrastructure-security organization, coordinating with Product Legal and Litigation on incident response, threat intelligence, law-enforcement and intelligence-community engagement, insider-threat governance, and model-weight security policy under Anthropic’s Responsible Scaling Policy

• Escalate novel structures or terms that create downstream risk for Anthropic’s security posture or operational flexibility; ensure security requirements accommodate AI-specific threats including hardware tamper, supply-chain interdiction, and high-value-target facility risk

• Monitor and assess the evolving regulatory landscape affecting security and data protection, identifying higher-risk obligations for the business and partnering with security to operationalize them through policies, controls, and compliance programs

• Advise on risk assessments, risk acceptance decisions, and reporting to leadership and the board; and review remediation commitments arising from assessments, customer audits and regulator inquiries. 

Minimum qualifications:

• JD and active membership in at least one U.S. state bar

• Fluency in security design-basis specifications, guard-force and access-control contracting, and how security schedules interact with build-to-suit, colo, procurement, and carrier agreements

• Experience with NDAA §889/§5949, CHIPS-Act guardrails, CFIUS/outbound-investment screening, and trusted-supplier or country-of-origin programs

• Comfort with NIST, ISO 27001, and SOC 2 physical-control frameworks and the evidence and attestation process that supports customer and auditor assurance

• Ability to coordinate effectively with multiple internal legal teams, and specialized outside counsel while maintaining strategic direction 

• Strong judgment about when contractual security terms create downstream risk for Anthropic’s security posture, audit position, or operational flexibility

• Effective collaboration skills for working with the CSO’s organization, procurement, datacenter, and network teams

• Communication skills that translate security and supply-chain-integrity concepts into clear risk assessments for business stakeholders

• Genuine interest in infrastructure security and appreciation for why physical, hardware, and network security is mission-critical for frontier AI

Preferred qualifications:

• At least 10-12 years of relevant legal experience with meaningful exposure to physical and facility security contracting, hardware and supply-chain security, network security schedules, or security regulatory and assurance work for critical infrastructure

• In-house experience at cloud service providers, hyperscalers, defense and aerospace primes, telecom carriers, utilities, semiconductor companies, or datacenter operators supporting physical-security, supply-chain-security, or security-assurance programs; or U.S. government experience at DoD, DHS/CISA, BIS, or CFIUS staff

• Experience at large technology companies with first-party datacenter or hardware programs supporting security contracting from the buy side

• Law firm experience at practices with national-security, supply-chain, or critical-infrastructure specialization, particularly those who have worked on NDAA §889, CFIUS, or trusted-supplier matters

• Prior involvement in transactions requiring sophisticated understanding of secure logistics, chain-of-custody, firmware integrity, and certified media destruction

• Familiarity with CCTV/biometrics privacy regimes, executive-protection contracting, and the contractual layer of insider-risk programs

• Ability to obtain and maintain a U.S. security clearance 

Role-specific policy: For this role, we expect staff to be able to work from our San Francisco, Seattle, Washington D.C., or New York office at least 3 days a week, though we encourage you to apply even if you might need some flexibility for an interim period of time.

The Okta Security team’s mission is to strengthen Okta’s position as the leading Identity-as-a-Service solution by identifying and resolving risks to the employees, product, and most importantly, our customers. 

The Security Trust & Culture team works to enhance customer trust in Okta’s identity services . We serve as a strategic resource working closely with Okta’s go-to-market teams. The Customer Assurance team is the central hub for security information, providing comprehensive guidance and resources to Okta customers so they can effectively manage their risk. 

As a Staff level analyst of Customer Assurance, you will support prioritizing and efficiently responding to questions about our security program and other due diligence related requests. You will act as a critical bridge between our customers and our internal engineering teams, ensuring Okta’s security posture is communicated effectively.Tasks will include training local Sales teams, managing complex escalations in the regional market, and driving technological changes to help Customer Assurance scale its efforts globally.

This position requires a unique combination of skills including an ability to coordinate the analysis of technical issues, to communicate clearly about security-relevant topics with both internal and external customers, to collaborate with internal business units to ensure execution of time-sensitive projects, and to present to upper management or the broader organization as required.  The ideal candidate will have experience with SaaS cloud security risk assessment and a solid understanding of the core principles of identity management. If you want to make a difference in the security program of a global cloud provider, we want you on board. 

Job Duties and Responsibilities: 

• Serve as the critical bridge between Okta’s customers and internal Engineering/Product Security teams. You must be able to unpack complex customer security concerns, hold in-depth technical discussions with internal engineering to align on solutions, and translate Okta’s security architecture back to the customer to resolve high-stakes inquiries.
• Take end-to-end ownership of highly technical security questionnaires and due-diligence requests, Partner seamlessly with internal subject matter experts—including our specialized Federal/FedRAMP teams—to ensure accurate, timely, and high-quality responses for highly regulated customers.
• Drive technological changes within Customer Assurance by identifying and implementing AI and automation strategies to streamline workflows, scale global efforts, and reduce response times.
• Train and empower regional Go-To-Market and Sales teams on standard engagement protocols, ensuring they can leverage Customer Assurance resources smoothly to accelerate deals.
• Collaborate with the Security Trust & Culture team and Regional CSOs to develop, publish, and maintain forward-facing security collateral, FAQs, and field communications.
• Work within a global team, participating or leading global handoffs between American timezones and European or Asian, when required for large security or industry events. 

Requirements:

• Bachelor’s degree in Computer Science or Management Information Systems, or equivalent work experience  in technology or information security fields
• Minimum 3 years information security, project management, or related experience
• A strong, fundamental understanding of core Security principles, architectures, and operations.
• Understanding of IT and cloud methodologies, information security, privacy, identity management, risk assessments and IT regulation and compliance standards 
• Strong oral, written, and presentation skills
• Strong written and verbal communication skills, with a proven ability to distill complex technical concepts into clear, concise responses for both technical customers and internal executive stakeholders.
  
  

Helpful Certifications / Skills:

• Okta Certified Professional/Administrator
• Certificate of Cloud Security Knowledge (CCSK) and/or Certificate of Cloud Auditing Knowledge (CCAK)
• Certified Information Security Auditor (CISA)
• Experience with generative AI tools or process automation platforms is a strong plus.
• Familiarity with Federal or highly regulated compliance frameworks (e.g., FedRAMP, StateRAMP, NIST 800-53, or DoD IL4/IL5)

#LI-HYBRID

#LI-SH1
P7020_3396428

Position Overview

The Senior Corporate Accountant will be primarily responsible for many aspects of the financial statement close process performed at the corporate level, including financial reporting and multi-entity consolidation. This includes ensuring proper application of US GAAP for various processes, such as ASC 842 Leases, ASC 718 Stock Compensation, ASC 470 Debt, ASC 350 Intangibles - Goodwill & Other, ASC 805 Business Combinations, transfer pricing, and other technical accounting matters. The role is pivotal in driving Diligent’s AI-first transformation, ensuring operational excellence, compliance, and scalable growth across all accounting functions.  

This role will also play a key part in identifying opportunities to leverage AI and automation tools to enhance accuracy, streamline recurring workflows, and drive efficiency across the accounting function. The Senior Corporate Accountant will assist with ad-hoc technical accounting projects and have high-visibility within the organization, ensuring that US GAAP is applied correctly for new company-wide initiatives. This role will report to the Senior Director, Corporate Accounting. We are looking for someone who has excellent problem-solving skills, intellectual curiosity about emerging technologies, and enjoys working in a challenging and fast-paced environment to support our continued success.

Key Responsibilities

• Assist in the monthly, quarterly, and annual general ledger closing process by:
• Owning the accounting for equity compensation and incentive awards including grants issued, grant-date valuation, exercises, expense recognition, modifications, and forfeitures, utilizing the Certent Equity Management solution.
• Calculating transfer pricing, preparing journals, and managing cross-border transactions, including preparation of inter-company entries, coordinate review of output with statutory teams, support tax team with transfer pricing documentation.
• Perform accounting for internally developed software in accordance with US GAAP, including capitalization of development costs, amortization, and impairment assessments for both internal-use software and software developed for sale.
• Prepare the necessary journal entries and monthly account reconciliations for accounts including, but not limited to intangible assets, compensation and payroll related items, and deferred commissions and incentives.
• Provide support to revenue recognition team for a smooth revenue recognition process, write offs, recoveries, deferred revenue and runoff, multi-year arrangements, bundled offerings, flux analysis.
• Review journal entries and account reconciliations assigned, perform monthly close activities to ensure accurate and timely financial reporting.
• Financial statement accounts analysis, identification of non-routine transactions, investigate anomalies, and document findings.
• Prepare group and statutory audit workpapers for assigned accounts and disclosures. Support external and statutory audits by preparing schedules, responding to auditor inquiries, and maintaining supporting documentation.
• Provide support or act as accounting lead in enterprise-wide initiatives and assist in other special projects, including but not limited to system upgrades, implementations, and AI-driven process transformations.
• Collaborate cross-functionally with finance, tax, legal, and other operational teams on accounting and reporting matters.
• Obtain and maintain a thorough understanding of the business operations, the financial reporting, and the general ledger structure for all of Diligent’s legal entities, and actively support the consolidation and intercompany elimination process.
• Support in all compliance related matters assigned including, but not limited to, annual financial statement audits, quarterly reporting requirements.
• Provide support or act as accounting lead in enterprise-wide initiatives and assist in other special projects, including but not limited to system upgrades, implementations, and AI-driven process transformations.
• Build strong working relationships with internal stakeholders and contribute to team efficiency through cross-training, sharing responsibilities, and serving as position backup.
• Develop and maintain internal accounting controls, policies, procedures, and process documentation to ensure timely and accurate financial reporting.
• Drive process improvement and automation initiatives by identifying use cases for AI-assisted accounting workflows, testing and validating AI-generated outputs, and helping build scalable, technology-enabled processes across the close cycle.
• When assigned, assist or manage the monthly close for newly acquired entities and support the transition of balance sheet and income statement responsibilities to designated team members.
• Champion the adoption of AI-driven automation and modern platforms to streamline processes, reduce manual effort, and deliver actionable insights.
• Drive the integration of AI and automation in key accounting processes (e.g., account reconciliations, procure-to-pay, financial statement reviews, cash forecasting, and T&E), freeing teams for higher-value work. 
• Perform ad-hoc projects as assigned.

Required Experience/Skills

• Bachelor’s degree in accounting; CPA required.
• Strong knowledge of U.S. GAAP required.
• Minimum of 3 years of progressive accounting experience, Big 4 and SaaS industry experience preferred.
• Knowledge of NetSuite or similar accounting systems. Familiarity with AI-assisted tools and a willingness to adopt emerging technologies in an accounting context is a plus.
• Experienced with accounting concepts related to the software industry, international accounting, multi-entity consolidation, and debt & equity accounting is preferred.
• Strong written and oral communication skills with the ability to work cross-functionally and cross-geography and relate effectively across all levels of staff.
• Hands-on, energetic, organized, team player with proven ability to adapt quickly in a changing environment and facilitate change, multitask effectively and work independently.
• Ability to prioritize competing projects and analyze processes to simplify, automate, and improve them, including the use of AI and other emerging technologies.
• Excellent attention to detail, strong business ethics, and demonstrated ability to handle confidential information.

About the Role:

The GRC Analyst, Federal & Customer Programs is responsible for the hands-on analysis, documentation, and operational execution of the company's security governance, risk, and compliance obligations. This role sits at the intersection of customer contracts, regulatory frameworks, and the company's security control environment — translating external requirements into clear, traceable internal commitments and evaluating how well current capabilities satisfy them. The GRC Analyst reviews incoming contractual security language, maps obligations to applicable frameworks and existing controls, produces compliance matrices and gap analyses, owns the operational risk assessment process, contributes to governance and policy lifecycle activities, and supports audit, assessment, and customer inquiry activities.

A meaningful portion of this role is dedicated to ongoing contract and requirements analysis as new programs are awarded and existing programs evolve. The GRC Analyst serves as the security function's primary reviewer of incoming contractual cybersecurity language and works directly with legal and sourcing on flow-down negotiation and redlines. Candidates who enjoy careful reading of contractual and regulatory text — and who want this to be a substantial part of their day-to-day work — will find this role a strong fit.

This is a detail-oriented, writing-intensive role requiring strong analytical judgment, fluency across multiple compliance frameworks, and the ability to work effectively with legal, sourcing, program management, engineering, and security operations stakeholders.

Key Responsibilities:

Contract & Requirements Analysis

• Review customer contracts, statements of work, security annexes, CDRLs, data protection addenda, and flow-down clauses to identify cybersecurity, privacy, and information handling obligations applicable to the company.
• Extract and catalog specific security requirements from contractual language, and translate them into structured, testable statements suitable for traceability and control mapping.
• Compare identified requirements against the company's current product scope, control environment, and certification posture to determine where compliance is already met, partially met, or requires new implementation work.
• Produce gap analyses, compliance matrices, and Requirements Traceability Matrix (RTM) artifacts that clearly communicate the state of compliance for a given contract, program, or system.
• Serve as the security function's primary point of contact for legal and sourcing during contract review, redline cycles, and flow-down negotiation, including review of subcontractor and supplier flow-down language.

Framework Mapping & Interpretation

• Maintain working proficiency across the frameworks relevant to the company's regulatory and contractual posture, including NIST SP 800-171, NIST SP 800-53, NIST CSF, CMMC, ISO 27001, FedRAMP, and applicable European frameworks such as NIS2 and GDPR.
• Map controls across frameworks to minimize duplicated work and enable consistent responses to overlapping requirements; contribute to a shared control inventory used by compliance, security, and program teams.
• Interpret framework language and authoritative guidance (NIST publications, DoD guidance, regulator FAQs) in the context of specific company systems and business scenarios and escalate ambiguity for formal risk decisions when appropriate.

Governance, Policy & ISMS Support

• Contribute to the maintenance of the company's Information Security Management System (ISMS) documentation set, including keeping control descriptions, evidence references, and scope statements accurate and current.
• Support the policy and standard lifecycle, including periodic review cycles, version control, exception governance, and clarification of control owner accountability.
• Produce compliance posture reporting and audit readiness metrics for governance forums and leadership review, including framework coverage, finding aging, and remediation progress.

Deliverable Writing & Artifact Contribution

• Draft and revise compliance deliverables including System Security Plans (SSP), Plans of Action & Milestones (POA&M), policy and standard content, control narratives, customer security questionnaire responses, and audit artifacts.
• Author clear, concise written responses to customer, auditor, and regulator inquiries, calibrated to the technical level of the audience and consistent with approved company positioning.

Risk Assessment & Treatment

• Own the operational risk assessment process and the supporting risk register, including conducting periodic and event-driven risk assessments, documenting current state, identifying deficiencies, and developing risk treatment recommendations.
• Route risk acceptance and exception decisions to the appropriate decision authority with the underlying analysis and documentation prepared for review; track decisions and ensure follow-through on conditions or expirations.
• Track open compliance findings and remediation activities, prepare status updates, and flag aging or high-severity items for escalation.

Third-Party & Supply Chain Risk

• Contribute to vendor and supplier security review activities, including evaluating vendor security questionnaires, reviewing supplier control attestations, and assessing residual risk for inclusion in procurement and program decisions.
• Support assessment of subcontractor and supplier flow-down compliance, including coordinating with sourcing and program management on supplier security obligations and remediation.

Audit & Assessment Support

• Support internal and external audit, assessment, and certification activities, including C3PAO engagements, ISO 27001 surveillance audits, customer assessments, and regulator inquiries.
• Coordinate evidence collection with system owners and control operators; validate that evidence is accurate, complete, and appropriately scoped before submission.
• Participate in assessor and auditor interviews as a subject matter contributor on specific controls and artifacts.

Cross-Functional Collaboration

• Partner with legal and sourcing on contract review, redlines, and flow-down language; with security program management on milestones, schedules, and audit coordination; and with security engineering and IT on evidence, control implementation detail, and remediation planning.
• Serve as a knowledgeable point of contact for internal teams seeking to understand what a given regulatory or contractual requirement means in practice.

What Success Looks Like in Year One

• Established a repeatable contract review intake process with legal and sourcing, including a maintained library of standard cybersecurity flow-down clauses and review turnaround expectations.
• Produced an end-to-end Requirements Traceability Matrix for at least one active federal program, traceable from contract clauses through framework controls to evidence sources.
• Stood up the operational risk register and routine risk reporting cadence, with at least one full assessment cycle completed and risk treatment decisions documented.
• Maintained the ISMS documentation set in audit-ready condition through at least one external assessment or surveillance cycle.

Required Qualifications:

• Five or more years of progressive experience in cybersecurity governance, risk, and compliance; IT audit; or a closely related discipline, with substantial hands-on exposure to framework interpretation and contract requirement analysis.
• Demonstrated working knowledge of NIST SP 800-171 and NIST SP 800-53, including control families, assessment procedures, and common implementation patterns.
• Experience contributing to SSP and POA&M artifacts, compliance matrices, or Requirements Traceability Matrices in a regulated environment.
• Practical experience supporting at least one formal audit, certification, or assessment cycle (for example CMMC, ISO 27001, SOC 2, FedRAMP, or comparable).
• Strong technical writing skills, including the ability to produce accurate, concise, and audience-appropriate compliance documentation. Writing samples may be requested as part of the interview process.
• Demonstrated comfort and interest in reading contractual and regulatory language carefully and translating it into specific, actionable internal requirements. This is a core part of the role, not an occasional task.
• Comfort working across multiple stakeholder groups — legal, sourcing, engineering, IT, security operations, and program management — and adjusting communication style accordingly.
• Bachelor's degree in Information Security, Information Systems, Business, a related field, or equivalent practical experience.

Preferred Qualifications:

• Direct experience with CMMC 2.0 assessment preparation, including familiarity with DFARS 252.204-7012 and 48 CFR Part 204.
• Familiarity with ISO 27001, FedRAMP, SOC 2, NIS2, GDPR data security obligations, or EU dual-use export control regimes.
• Experience handling Controlled Unclassified Information (CUI) in accordance with NARA and DoD requirements.
• Exposure to aerospace, defense, space, or other regulated technology environments.
• Experience reviewing or negotiating cybersecurity flow-down language in customer or supplier contracts.
• Working familiarity with Governance, Risk, and Compliance (GRC) tooling such as ServiceNow GRC, Archer, Hyperproof, Drata, Vanta, or equivalent.
• Industry certifications such as CISA, CRISC, CISSP, CGRC (formerly CAP), ISO 27001 Lead Implementer / Lead Auditor, CMMC Registered Practitioner (RP), or CMMC Certified Professional / Certified Assessor (CCP / CCA).
• Active US security clearance, or eligibility to obtain one.

Spire operates a hybrid work model, and this position will require you to work a minimum of three days per week in the office.

Access to US export-controlled software and/or technology may be required for this role. If needed, Spire will arrange the necessary licenses—this is not something candidates need to have before applying. #LI-DC1

Description
Data Systems Analysts, Inc. is seeking a SME III Technology Capabilities (Cybersecurity SME) to fill a critical Key Personnel role supporting the Office of the Under Secretary of War for Research and Engineering (OUSW(R&E)), specifically the Assistant Secretary of War for Mission Capabilities (ASW(MC)), The candidate provides senior-level cybersecurity leadership and technical expertise across enterprise IT environments, ensuring confidentiality, integrity, and availability of mission systems. Leads the design, implementation, and oversight of cybersecurity architectures, policies, and controls in compliance with DoD RMF, NIST 800‑53, CMMC, and applicable DoD cyber directives. Advises Government stakeholders on cyber risk management, threat mitigation, security engineering, and incident response, and provides technical direction to senior and journeyman cybersecurity staff.

Required Qualifications

• Bachelor’s degree from an accredited college or university in computer science, Information Technology, cybersecurity, or related science or engineering field
• Experience using AI in daily Cybersecurity support work to support the customers needs and rapidly identify threat levels and activity
• Core Experience & Project Management: Fifteen (15) years of technical expertise related to cyber engineering and cyberspace test and evaluation with 10 years’ experience in project management
• Technical & Operational Focus: Ten (10) years’ experience supporting the analysis, assessment, demonstration, testing, and/or experimentation of cyber capabilities
• Demonstrated participation in the research, development, integration, and testing of innovative technologies for both offensive and defensive cyber
• System Evaluation & Validation: Ten (10) years’ experience evaluating and validating sensor system performance, effectiveness, and operational feasibility
• Demonstrated experience in recommending assessments to determine system performance to risks
• Compliance & Certification: Must meet certification requirements per applicable DoD Directives and DoD Instructions
• Must have relevant industry credentials such as:
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Auditor (CISA)
  • CompTIA Advanced Security Practitioner (CASP+)
  • Offensive Security Certified Professional (OSCP)
  • Global Information Assurance Certifications (GIAC)
  • Certified Cloud Security Professional (CCSP)

Clearance Required

• TS/SCI (SAP eligible)

Desired Qualifications

• Military or DoW experience
• Strong communication skills to engage Senior Leaders and provide honest, clear, and constructive recommendations to drive progress
• Ability to use accurate information to make decisions for solving challenging technical problems
• Ability to operate effectively when problems are ambiguous and require judgement, adaptivity, and sound decision-making 

Key Responsibilities

Controller (Nonprofit Accounting)

Hillel International

Role Overview

Are you a seasoned nonprofit accounting and finance professional who excels at overseeing complex financial operations, strengthening internal controls, and delivering accurate, insightful reporting in a mission- driven organization? Do you excel in a dynamic work environment balancing core operational functions, varied deliverables, and strategic partnerships? 

As Controller at Hillel International, you will be a senior operational lead, reporting to the VP of Finance and Accounting, who oversees the full accounting cycle with a $60M+ operating budget, supporting multiple program areas and complex funding streams. In this role, you will partner closely with programmatic and administrative leaders across the organization to support budgeting, financial planning, and performance management. You will also identify opportunities to improve financial systems and workflows, implement solutions that enhance efficiency and reporting, and ensure the organization maintains the highest standards of nonprofit accounting compliance. The Controller will also manage and develop a team of three accounting professionals, providing leadership, mentorship, and clear processes that enable the team to operate efficiently and deliver high-quality financial information across the organization.

This is an exciting opportunity for a thoughtful and detail-oriented finance leader to help strengthen the financial infrastructure of an organization that supports Jewish students on college campuses across North America. This position is fully remote and open to eligible candidates in the United States.

What You’ll Do

• Oversee the full accounting cycle, inclusive of: daily operations, monthly reconciliations, and other finance deliverables that support program and administrative functions.
• Performs programmatic and organization-wide reporting, along with performance metrics and analysis of net asset positions.
• Function as lead on budget compilation, reporting, and performance management. Operate as an ongoing thought partner with budget owners to maximize accuracy and support reforecasts based on new developments to further strategic planning.
• Manage the completion of the annual audit and 990, including managing audit relationships, planning, preparation, and review of supporting schedules, and compilation of financial statements and 990 workbook.
• Lead ongoing evaluation and improvement of financial systems, workflows, and reporting infrastructure to increase efficiency, strengthen internal controls, and enhance organizational decision-making.
• Establish and maintain internal policies, procedures, and controls that ensure operational best practices and nonprofit GAAP compliance.
• Manage and develop a high-performing accounting team of three professionals, fostering strong financial discipline, accountability, and continuous improvement across finance operations.
• Ensure training and resources, both within and across teams, are kept current and provide the information necessary for consistent processing.

What You’ve Accomplished 

• 7 plus years of finance experience in the service of nonprofit organizations, operating either as an internal employee or as an auditor or outsourced staff
• Bachelor’s degree in accounting required
• Master's in Accounting and a CPA preferred

What You'll Bring to the Job 

• Success in managing or overseeing nonprofit finance operations
• Experience managing budgets in excess of $50M across multiple departments with a variety of underlying programs
• Knowledge of NetSuite or similar accounting systems that function with matrixed transaction fields
• Ability to evaluate existing processes and propose custom workflows and system solutions 
• Experience managing multiple deliverables across a variety of stakeholders
• Skill in simplifying and explaining accounting concepts to parties with varied levels of technical understanding

What You’ll Receive

• Competitive salary in the nonprofit marketplace. The salary range for this role is $140,000 - $160,000
• This position is fully remote and open to eligible candidates in the United States.
• A comprehensive benefits package, including health insurance, retirement plan, Life, AD&D, and Long Term Disability (LTD) insurance, Flexible Spending accounts, generous vacation/sick time, and parental leave.
• Great professional development, mentoring, and skill-building opportunities

#LI-REMOTE

Your Mission 

We are seeking a rare combination of disciplines: an experienced Sr. Compliance Engineer with deep AI Subject Matter Expertise (SME) and export compliance background to join our Governance, Risk, and Compliance (GRC) team. This role is responsible for building, implementing, and sustaining the organizational compliance posture across key regulatory and security frameworks — with a primary emphasis on RMF (NIST 800-53 Rev. 5 + Classified Overlays), CMMC Level 3, NIST 800-171 Rev. 3, EAR/ITAR cyber regulations, and — critically - the governance, risk management, and compliance controls surrounding AI/ML systems and large language models (LLMs) deployed across the enterprise. 

As AI becomes embedded in True Anomaly's operations, mission systems, and products, this role serves as the organizational authority on how AI capabilities are adopted, audited, and controlled responsibly. You will architect and operationalize compliance checkpoints and governance gates within LLM pipelines, evaluate AI vendors and platforms (including OpenAI, Anthropic Claude, and others) against classified and unclassified compliance requirements, and ensure AI-driven workflows satisfy both regulatory obligations and internal risk tolerance. 

The ideal candidate brings deep GRC knowledge, hands-on AI/LLM engineering fluency, and the ability to engage credibly with compliance assessors, government partners, and internal AI/ML engineering teams alike. 

Responsibilities 

Compliance Program Execution 

• Lead and support compliance assessment readiness across key organizational frameworks including NIST SP 800-171 Rev. 2 and 3, CMMC Level 3, NIST SP 800-53 Rev. 5, and the NIST Cybersecurity Framework (CSF). 

• Provide direction on cybersecurity readiness to address EAR and ITAR-related controls and requirements. 

• Drive CMMC readiness activities across the organization, including scoping, gap analysis, control implementation validation, evidence collection, and pre-assessment preparation. 

• Review, maintain, and mature System Security Plans (SSPs) to accurately reflect organizational control implementations, system boundaries, and operational practices — including AI/ML system boundaries and data flows. 

• Manage Plans of Actions and Milestones (POA&Ms), tracking open findings to resolution, communicating status to GRC leadership, and coordinating remediation efforts across responsible teams. 

• Conduct internal compliance audits and control effectiveness reviews to ensure ongoing adherence to applicable frameworks and to surface emerging gaps before external assessments. 

• Maintain audit-ready evidence repositories and documentation packages, ensuring traceability between controls, evidence, and framework requirements. 

AI Governance, Risk & Compliance (AI-GRC) 

• Serve as the organizational AI compliance SME — the primary authority on how AI/LLM systems (including OpenAI GPT models, Anthropic Claude, open-source models, and internally developed models) are evaluated, onboarded, and continuously governed within True Anomaly's compliance boundaries. 

• Design, implement, and maintain compliance checkpoints and enforcement gates within LLM pipelines, including:  

• Input/output filtering and content policy enforcement layers 

• Prompt injection detection and mitigation controls 

• Data classification guardrails to prevent CUI, ITAR-controlled, or classified data from flowing into non-authorized AI systems or endpoints 

• Automated audit logging of AI interactions for traceability and incident investigation 

• Model access control and role-based permissions within AI platforms 

• Conduct AI-specific risk assessments, including evaluation of AI vendor data handling practices, model training data provenance, and third-party AI API security postures against NIST AI RMF, NIST SP 800-53 AI overlays, and internal standards. 

• Develop and enforce an AI System Acceptable Use Policy and supporting standards that govern how employees and systems interact with LLMs, including permissible data inputs, output handling, human-in-the-loop requirements, and escalation procedures. 

• Evaluate proposed AI/ML use cases for regulatory risk (EAR/ITAR, CMMC, data privacy) and provide compliance go/no-go determinations with documented rationale. 

• Collaborate with AI/ML engineers and DevSecOps teams to integrate compliance gates into CI/CD pipelines and MLOps workflows, ensuring model changes and prompt changes undergo review before production deployment. 

• Maintain an AI system inventory, tracking all deployed models, APIs, integrations, and associated risk and compliance status. 

• Monitor emerging AI regulatory developments (e.g., EO 14110, NIST AI RMF, DoD AI Ethics Principles, EU AI Act implications for U.S. defense partners) and assess organizational impact. 

Cross-Functional Compliance Enablement 

• Serve as a primary GRC team resource for compliance questions, control guidance, and framework interpretation across engineering, IT, operations, legal, and security teams. 

• Partner with IT and security operations teams to verify that technical controls — including access management, logging, configuration baselines, and incident response procedures — meet CMMC and NIST requirements at an organizational level. 

• Partner with AI/ML engineers, data scientists, and product teams to embed compliance thinking into AI system design, model selection, and deployment architecture. 

• Collaborate with the Enterprise Risk Manager and broader GRC leadership to ensure compliance findings — including AI-specific risks — are reflected in the enterprise risk register and remediation priorities. 

• Support the development of compliance training and awareness materials, including AI-specific training that builds organizational understanding of responsible AI use, LLM risk, and CMMC obligations. 

• Coordinate with external assessors, third-party auditors, and government partners during assessment engagements, serving as a knowledgeable point of contact for evidence walkthroughs and control discussions. 

Qualifications 

• 7+ years of experience in IT security compliance, GRC, or a closely related discipline, with direct ownership of compliance program activities. 

• Demonstrated expertise in NIST SP 800-171, CMMC (Level 2 or 3), and NIST SP 800-53, with hands-on experience conducting gap assessments, implementing controls, and preparing organizations for external audits. 

• Extensive, hands-on experience with AI/LLM systems, including practical knowledge of platforms such as OpenAI (GPT-4/o-series), Anthropic Claude, Meta Llama, Microsoft Azure OpenAI Service, and/or comparable commercial and open-source LLM ecosystems. 

• Demonstrated ability to design, implement, and operationalize compliance controls within LLM pipelines, including guardrail layers, content filtering, audit logging hooks, and data classification enforcement. 

• Working knowledge of AI security risks, including prompt injection, jailbreaking, data exfiltration via LLM outputs, model inversion, and supply chain risks associated with third-party AI APIs. 

• Familiarity with NIST AI Risk Management Framework (AI RMF) and its application to enterprise and defense AI deployments. 

• Strong understanding of SSP development and maintenance, POA&M management, and audit evidence lifecycle practices in an organizational (non-product) compliance context. 

• Proven experience developing and operationalizing information security policies, standards, and procedures across a multi-disciplinary organization. 

• Strong communication skills with the ability to explain compliance requirements — including AI risk concepts — clearly to both technical practitioners and non-technical business stakeholders. 

• Highly organized, with demonstrated ability to manage multiple concurrent compliance workstreams and deadlines in a fast-paced environment. 

• Active or ability to obtain SECRET or TS/SCI security clearance. 

• Must be a U.S. citizen, lawful permanent resident, or protected individual per ITAR requirements (8 U.S.C. 1324b(a)(3)). 

Preferred Qualifications 

• Strong EAR/ITAR background as it pertains to cybersecurity, AI-generated outputs, and policy development. 

• J.D. focusing on technology law, export compliance (EAR and ITAR), AI regulation, or cyber law. 

• Experience building MLOps or AI DevSecOps pipelines with integrated compliance gates, including automated policy enforcement, prompt review workflows, or model change management processes. 

• Hands-on experience with AI safety and alignment tooling (e.g., LangChain guardrails, NeMo Guardrails, Azure Content Safety, OpenAI Moderation API, Anthropic Constitutional AI/policy layer configurations). 

• Experience evaluating AI vendor agreements and data processing agreements against DoD/CMMC/ITAR data handling requirements. 

• Familiarity with DoD AI Ethics Principles, Responsible AI (RAI) frameworks, and emerging federal AI governance requirements (e.g., EO 14110, OMB AI guidance). 

• Industry certifications such as:  

• Certified Information Systems Auditor (CISA) 

• Certified in Risk and Information Systems Control (CRISC) 

• Certified Information Systems Security Professional (CISSP) 

• CMMC Registered Practitioner (RP) or Certified Professional (CP) 

• CompTIA Security+ or equivalent 

• AWS/Azure AI or Security certifications 

• Background in startup, aerospace, defense technology, or SaaS environments operating under DoD compliance obligations. 

• Familiarity with cloud environments — particularly Azure Government, AWS GovCloud, or Azure OpenAI Government deployments — as they relate to organizational control implementation and AI boundary scoping. 

• Experience coordinating with C/3PAOs or supporting CMMC assessments. 

• Working knowledge of DFARS 252.204-7012, ITAR, and supply chain compliance obligations. 

• Familiarity with Agile/Scrum environments and hybrid project delivery models. 

Compensation 

• Base Salary: Denver - $145,000 to $195,000, Long Beach - $150,000 to $205,000, Washington, DC - $150,000 to $205,000 

• Equity + Benefits including Health, Dental, Vision, HRA/HSA options, PTO and paid holidays, 401K, Parental Leave 

Your actual level and base salary will be determined on a case-by-case basis and may vary based on the following considerations: job-related knowledge and skills, education, location, and experience. 

Additional Requirements 

• Work Location: Successful candidates will be located near Denver, CO, Long Beach, CA, or Washington D.C. While we observe a hybrid work environment, some work must be done on site. #LI-Onsite

• Work Environment: Standard office setting, working at a desk or in a production factory environment. 

• Physical Demands: May include frequent standing, sitting, walking, bending, and lifting or carrying items up to 20 lbs. 

This position will be open until it is successfully filled. 

To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR), you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State. 

We value diversity of experience, knowledge, backgrounds, and perspectives and harness these qualities to create extraordinary impact. True Anomaly is committed to equal employment opportunity regardless of sex, race, religion or belief, ethnic or national origin, disability, age, citizenship, marital, domestic or civil partnership status, sexual orientation, gender identity, pregnancy, maternity or related condition (including breastfeeding) or any other basis as protected by applicable law. If you have a disability or additional need that requires accommodation, please do not hesitate to let us know. 

Your Mission 

We are seeking a Senior Enterprise Risk Manager to build, lead, and mature two distinct but interconnected lines of effort: Enterprise Risk Management (ERM) and Third-Party Vendor Risk Management (TPVRM). This is a foundational leadership role for a seasoned risk professional who thrives in fast-moving, mission-critical environments and understands the unique demands of operating at the intersection of defense, aerospace, and commercial SaaS. 

The ideal candidate brings deep experience navigating regulated government environments—including RMF, DoD IL5/IL6, and CMMC—and is fluent in industry-standard risk quantification and assessment methodologies such as FAIR (Factor Analysis of Information Risk) and OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation). They pair that expertise with a startup mindset that enables them to build programs from the ground up, not just maintain inherited ones. You will work cross-functionally with engineering, security, legal, compliance, product, and executive leadership to identify, assess, communicate, and mitigate risk across the enterprise and its extended supply chain. 

Responsibilities: 

Enterprise Risk Management 

• Design, implement, and continuously mature a scalable enterprise risk management program aligned to NIST RMF, ISO 31000, and applicable DoD frameworks. 

• Apply FAIR methodology to quantify cyber and operational risk in financial terms, enabling data-driven prioritization and executive-level risk decision-making. 

• Leverage OCTAVE or similar threat-centric methodologies to lead structured risk assessments that identify critical assets, threat profiles, and organizational vulnerabilities. 

• Establish and maintain an enterprise risk register, risk appetite statements, and risk tolerance thresholds in collaboration with executive leadership and the Board (as applicable). 

• Lead recurring risk identification, assessment, and prioritization processes across business units, ensuring alignment between operational risk posture and strategic objectives. 

• Develop and maintain executive-ready risk dashboards, KPI/KRI reporting, and program metrics using tools such as Jira, Confluence, GRC platforms, and MS Project. 

• Conduct and coordinate internal audits and risk assessments to ensure adherence to DoD compliance standards, including NIST SP 800-53 Rev. 5, NIST SP 800-171, RMF (IL5 and IL6), and CMMC Level 3. 

• Support audit readiness activities including pre-assessment preparation, evidence collection, POA&M management, and post-audit remediation planning. 

• Develop, implement, and mature information security and enterprise risk policies, standards, and guidelines based on industry best practices. 

• Serve as a primary point of contact for internal stakeholders, executive leadership, and external assessors, certification bodies, and government partners. 

Third-Party Vendor Risk Management 

• Build and lead a formalized Third-Party Vendor Risk Management program, establishing vendor classification tiers, risk assessment methodologies, and ongoing monitoring cadences. 

• Define and operationalize vendor onboarding risk assessments, including security questionnaires, compliance validations, and contractual risk controls (e.g., SLAs, right-to-audit clauses, data handling requirements). 

• Maintain a vendor risk inventory and lifecycle management process covering initial due diligence through offboarding, ensuring continuous visibility into third-party risk exposure. 

• Collaborate with legal, procurement, and supply chain teams to embed risk criteria into vendor selection, contract negotiation, and renewal processes. 

• Monitor third-party vendors for changes in risk posture, including cybersecurity incidents, financial instability, regulatory actions, and ITAR/export control concerns. 

• Develop vendor risk reporting and executive-level dashboards to provide ongoing transparency into third-party exposure across critical suppliers and technology partners. 

• Ensure TPVRM program alignment with applicable regulatory requirements including CMMC supply chain requirements, DFARS clauses, and DoD IL environment authorization boundaries. 

Cross-Functional Leadership 

• Build, mentor, and provide technical guidance to junior risk team members and project contributors across both lines of effort. 

• Drive alignment across engineering, security operations, product compliance, IT operations, legal, and business operations teams on risk priorities and remediation timelines. 

• Track program milestones, identify dependencies and blockers, and drive timely course corrections with a bias toward action. 

• Continuously improve program workflows, reporting processes, and team coordination for scalable, repeatable, and consistent risk program execution. 

• Proactively track emerging regulatory, threat, and supply chain risk requirements and update program posture accordingly. 

Qualifications 

• 10+ years of experience in enterprise risk management, GRC, cybersecurity risk, or related disciplines, with demonstrated ownership of risk programs at a senior level. 

• Proven track record in startup or high-growth technology environments, with demonstrated ability to build risk programs from the ground up under resource and time constraints. 

• Experience applying FAIR for risk quantification and OCTAVE or similar frameworks for threat and asset-centric risk assessments. 

• Direct experience with U.S. government or defense sector programs, including working knowledge of DoD RMF (IL5 and IL6), NIST SP 800-53, NIST SP 800-171, and CMMC. 

• Hands-on experience leading or significantly contributing to Third-Party/Vendor Risk Management programs, including vendor tiering, due diligence workflows, and ongoing monitoring. 

• Strong proficiency in risk management and GRC documentation tools including Jira, Confluence (Atlassian suite), MS Project, enterprise GRC platforms, and MS Visio or Lucidchart. 

• Excellent communication and stakeholder management skills, with a strong ability to translate technical risk into business language for executives and board-level audiences. 

• Active or ability to obtain SECRET, TS/SCI security clearance. 

• Must be a U.S. citizen, lawful permanent resident, or protected individual per ITAR requirements (8 U.S.C. 1324b(a)(3)). 

Preferred Qualifications 

• Background in aerospace, defense technology, or SaaS companies operating in regulated government markets; experience with both commercial and government customer bases strongly preferred. 

• Proficient with creating risk programs in a startup environment, scaling, and adapting to changing organizational structure 

• Experience managing certification or authorization initiatives across one or more of: FedRAMP, SOC 2, DoDIN APL, ISO 27001, CMMC as it pertains to risk. 

• Industry certifications such as:  

• Certified in Risk and Information Systems Control (CRISC) 

• Certified Information Systems Auditor (CISA) 

• Certified Information Systems Security Professional (CISSP) 

• Certified in the Governance of Enterprise IT (CGEIT) 

• Certified ScrumMaster (CSM) or Agile PM certification 

• Experience with cloud environments, particularly Azure Government and/or AWS GovCloud, and understanding of authorization boundary design. 

• Working knowledge of ITAR, EAR, and export control considerations as they apply to vendor and supply chain risk. 

• Familiarity with Agile/Scrum and hybrid project delivery models. 

• Experience with DFARS, FAR, and government contracting compliance requirements. 

Compensation 

• Base Salary: Denver - $160,000 to $220,000, Long Beach - $165,000 to $230,000, Washington DC - $165,000 to $230,000 

• Equity + Benefits including Health, Dental, Vision, HRA/HSA options, PTO and paid holidays, 401K, Parental Leave 

Your actual level and base salary will be determined on a case-by-case basis and may vary based on the following considerations: job-related knowledge and skills, education, location, and experience. 

Additional Requirements 

• Work Location: This role will be onsite at one of our facilities in Centennial, CO, Long Beach, California, or Washington, D.C. #LI-Onsite 

• Work Environment: Standard office setting, working at a desk or in a production factory environment  

• Physical Demands: May include frequent standing, sitting, walking, bending, and lifting or carrying items up to 20 lbs. 

This position will be open until it is successfully filled. 

To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR), you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State. 

We value diversity of experience, knowledge, backgrounds, and perspectives and harness these qualities to create extraordinary impact. True Anomaly is committed to equal employment opportunity regardless of sex, race, religion or belief, ethnic or national origin, disability, age, citizenship, marital, domestic or civil partnership status, sexual orientation, gender identity, pregnancy, maternity or related condition (including breastfeeding) or any other basis as protected by applicable law. If you have a disability or additional need that requires accommodation, please do not hesitate to let us know. 

Your Mission 

We are seeking a driven and detail-oriented Enterprise Risk Analyst to support two distinct but interconnected lines of effort: Enterprise Risk Management (ERM) and Third-Party Vendor Risk Management (TPVRM). Reporting to the Senior Enterprise Risk Manager, you will play a hands-on role in executing risk assessments, maintaining program documentation, tracking remediation activities, and building the data foundation that powers executive-level risk decision-making. 

This role is ideal for a mid-career risk professional who is fluent in frameworks such as NIST RMF and CMMC, is developing practical experience with risk quantification methodologies like FAIR and OCTAVE, and is eager to grow within a fast-paced aerospace and defense SaaS environment. You will work closely with engineering, security, legal, compliance, and operations teams to help identify, document, and track risk across the enterprise and its third-party supply chain. 

Responsibilities:

Enterprise Risk Management 

• Support the design, execution, and continuous improvement of the enterprise risk management program under the direction of the Senior Enterprise Risk Manager. 

• Assist in conducting structured risk assessments using OCTAVE or similar threat-and-asset-centric methodologies, documenting findings, threat profiles, and recommended mitigations. 

• Support the application of FAIR methodology to help quantify risks in financial terms and contribute to risk prioritization analyses for leadership. 

• Maintain and update the enterprise risk register, ensuring accuracy of risk ratings, ownership assignments, remediation status, and residual risk tracking. 

• Build and maintain program dashboards, KPI/KRI reports, and status tracking using tools such as Jira, Confluence, enterprise GRC platforms, and MS Project. 

• Assist with audit readiness activities including evidence collection, pre-assessment preparation, control documentation, and post-audit remediation tracking. 

• Support POA&M management for IL5 and IL6 environments, tracking open items to closure and escalating blockers to the Enterprise Risk Manager. 

• Contribute to the development and maintenance of risk policies, standards, and guidelines aligned to NIST SP 800-53 Rev. 5, NIST SP 800-171, RMF, and CMMC Level 3. 

• Coordinate and track internal audit schedules, findings, and corrective action plans across business units. 

Third-Party Vendor Risk Management 

• Execute vendor risk assessments as part of the onboarding and periodic review lifecycle, including security questionnaire administration, documentation review, and risk scoring. 

• Maintain the vendor risk inventory and lifecycle tracking records, ensuring all vendors are appropriately tiered and assessed on schedule. 

• Monitor vendor risk signals including cybersecurity advisories, regulatory actions, and contractual compliance status, escalating material changes to the Enterprise Risk Manager. 

• Support contract and procurement teams by providing vendor risk assessment findings and recommended risk mitigation language. 

• Assist in ensuring TPVRM program alignment with CMMC supply chain requirements, DFARS clauses, and ITAR/export control considerations for critical suppliers. 

• Develop and maintain vendor risk reporting inputs and dashboard content to support executive-level visibility into third-party risk exposure. 

Cross-Functional Collaboration 

• Serve as a reliable day-to-day point of contact for risk-related inquiries from internal stakeholders across engineering, security, operations, and legal teams. 

• Track program milestones, action items, and deliverables, proactively communicating status and flagging risks or dependencies to the Enterprise Risk Manager. 

• Continuously improve risk program workflows, documentation templates, and reporting processes to support scalable and repeatable execution. 

• Support the preparation of materials for internal leadership briefings, external assessor interactions, and government partner reviews. 

Qualifications 

• 5+ years of experience in enterprise risk management, GRC, cybersecurity risk, compliance, or a closely related discipline. 

• Working knowledge of NIST SP 800-53, NIST SP 800-171, DoD RMF (IL5/IL6), and CMMC, with direct experience supporting assessments or audits under one or more of these frameworks. 

• Familiarity with risk assessment methodologies including FAIR and/or OCTAVE, with a desire to deepen applied expertise in risk quantification. 

• Experience supporting or executing third-party/vendor risk assessments, including questionnaire administration, documentation review, and risk tracking. 

• Hands-on experience with program management and GRC documentation tools including Jira, Confluence (Atlassian suite), MS Project, enterprise GRC platforms, and MS Visio or Lucidchart. 

• Strong written and verbal communication skills, with the ability to clearly document findings and translate risk concepts for both technical and non-technical audiences. 

• Highly organized, self-directed, and comfortable managing multiple workstreams simultaneously in a fast-paced, regulated environment. 

• Active or ability to obtain SECRET, TS/SCI security clearance. 

• Must be a U.S. citizen, lawful permanent resident, or protected individual per ITAR requirements (8 U.S.C. 1324b(a)(3)). 

Preferred Qualifications 

• Background in startup, aerospace, defense technology, or SaaS companies operating in regulated government markets. 

• Industry certifications such as:  

• Certified in Risk and Information Systems Control (CRISC) 

• Certified Information Systems Auditor (CISA) 

• Open FAIR Certification (The Open Group) 

• CompTIA Security+ or equivalent 

• Certified ScrumMaster (CSM) or similar Agile certification 

• Experience with cloud environments, particularly Azure Government and/or AWS GovCloud. 

• Familiarity with POA&M management, SSP documentation, and audit evidence collection in DoD authorization contexts. 

• Working knowledge of ITAR, EAR, DFARS, and export control considerations as they relate to vendor and supply chain risk. 

• Familiarity with Agile/Scrum and hybrid project delivery models. 

Compensation 

• Base Salary: Denver - $115,000 to $155,000, Long Beach - $120,000 to $165,000, Washington, DC - $120,000 to $165,000 

• Equity + Benefits including Health, Dental, Vision, HRA/HSA options, PTO and paid holidays, 401K, Parental Leave 

Your actual level and base salary will be determined on a case-by-case basis and may vary based on the following considerations: job-related knowledge and skills, education, location, and experience. 

Additional Requirements 

• Work Location: This role will be onsite at one of our office locations: Centennial, CO, Long Beach, CA, or Washington, DC  #LI-Onsite 

• Work Environment: Standard office setting, working at a desk or in a production factory environment 

• Physical Demands: May include frequent standing, sitting, walking, bending, and lifting or carrying items up to 20 lbs. 

This position will be open until it is successfully filled. 

To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR), you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State. 

We value diversity of experience, knowledge, backgrounds, and perspectives and harness these qualities to create extraordinary impact. True Anomaly is committed to equal employment opportunity regardless of sex, race, religion or belief, ethnic or national origin, disability, age, citizenship, marital, domestic or civil partnership status, sexual orientation, gender identity, pregnancy, maternity or related condition (including breastfeeding) or any other basis as protected by applicable law. If you have a disability or additional need that requires accommodation, please do not hesitate to let us know. 

As Sr. Software Engineer II  (Trellix), you’ll design and manage enterprise endpoint security solutions across DoD and IC environments, with deep expertise in Trellix and Windows/Linux systems. You will also lead engineering efforts, support incident response, and deliver technical reporting in classified, high-availability settings.

We know that you can’t have great technology services without amazing people. At MetroStar, we are obsessed with our people and have led a two-decade legacy of building the best and brightest teams. Because we know our future relies on our deep understanding and relentless focus on our people, we live by our mission: A passion for our people. Value for our customers.

If you think you can see yourself delivering our mission and pursuing our goals with us, then check out the job description below!

What you’ll do:

• Implement and apply technologies, processes, and practices designed to protect networks, devices, programs, and data from malicious attack, damage, or unauthorized access
• Provide engineering and sustainment support for the various endpoint security solutions
• Establish computing environment by designing system configuration, directing system installation, and defining, documenting, and enforcing system standards
• Provide specific, detailed information for hardware and software selection, implementation techniques, and tools for the most efficient solution to meet business needs, including present and future capacity requirements
• Work with both the software vendor and the customer to research, analyze, and implement enterprise-wide security solutions/capabilities/enhancements to support customer business/mission goals and objectives
• Assist with design, analysis, testing and implementation of state-of-the-art secure architectures
• Oversee security infrastructure sustainment, maintenance, and advanced configuration (policy management, database administration and security management tools.)
• Oversee the reporting, documentation and investigation of all security related incidents; lead the development and implementation of corrective measures

What you’ll need to succeed:

• An Active TS/SCI security clearance
• 7 years of experience in Software Engineering
• DoD 8140 (DCWF CSSP Infrastructure Support certification )
• Strong working knowledge of administering applications in a Windows and Linux environment
• Expert-level knowledge in deploying and managing Trellix ePO, Threat Prevention, DLP, Endpoint Security (ENS), Data Loss Prevention (DLP), Policy Auditor, File Integrity Monitor (FIM) and Application Whitelisting
• Demonstrated experience setting up Trellix from scratch, including policy configuration, system deployment, and integration with Microsoft SQL databases
• Experience with large-scale enterprise/global networks in a high-paced, diverse environment
• Understanding of and experience with the IC Architecture Framework and other key network architecture and strategic planning instructions
• Experience in providing status reports and products to senior management and customers
• Experience with plans, designs, and evaluations of security systems and architectures

SALARY RANGE: $165,000 - $184,000

The salary range for this position is determined based on qualifications, skills, and relevant experience. The final salary offered will be determined based on several factors including: 

• The candidate's professional background and relevant work experience
• The specific responsibilities of the role and organizational needs
• Internal equity and alignment with current team compensation
• This role is also eligible for additional compensation, subject to the terms and policies of MetroStar, which may include:
• Performance-based bonuses
• Company-paid training and/or certifications
• Referral bonuses

Who we are

The real world is the next frontier, and at Metropolis, we are creating the artificial intelligence to make it responsive. We are pioneering the Recognition Economy — a future where mundane repetition disappears and being known unlocks access, comfort and belonging everywhere you go. From transforming parking into a seamless drive-in, drive-out experience for millions of Members to expanding our intelligence layer across retail and hospitality, we are building a world that feels instinctive and magical. The future isn’t coming; it’s here, and we need builders, innovators and problem solvers to help us create it.

Who you are

Metropolis is seeking an Operational Compliance Auditor to add value and improve our operations by bringing a systematic and disciplined approach to the effectiveness of risk management, control, and governance processes. The ideal candidate possesses thorough knowledge of accounting procedures and sound judgment, as you will review control processes to ensure the reliability of information, compliance with regulations, and the safeguarding of assets. In this role, you will act as an independent partner to operations management, interacting with various levels of leadership to provide timely recommendations and navigate difficult conversations regarding findings to ensure the achievement of our operational and financial goals.

What you'll do

• Act as an objective source of independent advice to ensure validity and goal achievement
• Identify loopholes and recommend risk aversion measures and cost savings
• Maintain open communication with management
• Conduct follow up audits to monitor management’s interventions
• Engage in continuous knowledge development regarding Metropolis's parking equipment, industry rules, regulations, best practices, tools, techniques, and performance standards
• Obtain, analyze and evaluate accounting documentation, reports, data, flowcharts, etc.
• Perform location audits at Commercial and Aviation sites using a structured audit format that follows adherence to standard operating procedures
• Prepare and present reports that reflect observations and recommendations to the Operational Audit Manager, Senior Facility Managers, and Regional Managers
• Work on special assignments such as consulting services for existing or prospective clients, investigation work involving suspected control breakdowns and fraud, development of department or localized training programs, and other strategic initiatives
• Travel 25-35% of the time

What we're looking for

• Bachelor's degree in Accounting, Finance, or a related field; or equivalent experience
• Proven working experience as a Senior Operations Manager, or equivalent experience
• Proven knowledge of auditing standards and procedures, laws, rules and regulations
• Proficient in common office software, such as Microsoft 365 and Google Workspace
• Ability to manipulate large amounts of data to compile detailed reports
• High attention to detail and excellent analytical skills
• Excellent writing and communication skills
• Experience leveraging AI tools to transform static workflows into responsive, high-output processes

While not required, these are a plus:

• Prior management experience in parking, hospitality, or related industry

4 Days in Office: Metropolis values in-person collaboration to drive innovation, strengthen culture, and enhance the Member experience. Our corporate team members hold to our office-first model, which requires employees to be on-site at least four days a week, fostering organic interactions that spark creativity and connection.

When you join Metropolis, you'll join a team of world-class product leaders and engineers, building an ecosystem of technologies at the intersection of parking, mobility, and real estate. Our goal is to build an inclusive culture where everyone has a voice and the best idea wins. You will play a key role in building and maintaining this culture as our organization grows. The anticipated base salary for this position is $100,000.00 USD to $115,000.00 USD annually. The actual base salary offered is determined by a number of variables, including, as appropriate, the applicant's qualifications for the position, years of relevant experience, distinctive skills, level of education attained, certifications or other professional licenses held, and the location of residence and/or place of employment. Base salary is one component of Metropolis' total compensation package, which may also include access to or eligibility for healthcare benefits, a 401(k) plan, short-term and long-term disability coverage, basic life insurance, a lucrative stock option plan, bonus plans and more. #LI-WT1 #LI-Onsite

The incumbent is responsible for the design, execution and oversight of the supplier and vendor oversight program as well as the internal audit program. This role will be responsible for assessing GxP suppliers and executing questionnaires and audits as required. The incumbent will create and maintain the audit schedule and the approved supplier list. This is a cross-functional role that will ensure the organizations suppliers and vendors are acceptable to support GxP processes.

KEY ROLE AND RESPONSIBILITIES:

• Create the annual audit schedule, both internal and external, and report on progress against activities and timelines
• Lead cross-functional teams in the evaluation of suppliers and vendors to determine quality and criticality
• Document, track, distribute and follow-up actions resulting from supplier questionnaires captured in the Quality Management System
• Plan, execute and report on virtual and on-site audits of suppliers and vendors
• Plan, execute and report on internal audits
• Maintain the Approved Supplier List
• Support third-party audits hosted onsite
• Own and facilitate the Material Review Board
• Participate in cross-functional teams for bringing in new materials and vendors

PREFERRED EDUCATION:

• BA/BSc with a minimum of 10 years’ experience; or
• MBA or MSc with a minimum of 7 years’ experience
• Professional Auditor Certification

PREFERRED EXPERIENCE:

• Minimum 12 years’ experience in GMP biopharmaceutical operations with a minimum of 8 years’ experience in GMP Quality and a minimum of 5 years’ experience as an auditor
• Demonstrated experience in Clinical and GMP manufacturing
• Proven experience with quality management systems (e.g. Deviations, CAPA, Risk, etc)

KNOWLEDGE, SKILLS AND ABILITIES:

• Deep knowledge and understanding of the regulations that govern GMP manufacturing and specifically cell therapy companies in the US, Canada, Australia, Europe and Japan
• Ability to occasionally work non-traditional work times to support remote audits in other time zones
• Ability to travel up to 10% of the time to perform on-site audits
• Proven strong leadership, collaboration and influencing skills, with demonstrated ability to problem solve and drive positive change.
• Motivated and organized critical thinker with solid interpersonal and business communication skills
• The desire and ability to work in a fast-paced, start-up environment

The salary range for this position is $124,000 - 150,000, annually, with the opportunity to earn an annual bonus. The salary range is an estimate, and the actual salary may vary based on Lyell’s compensation practices and an applicant’s qualifications and experience. Employees are also eligible to participate in Lyell’s Equity Incentive Plan.

Our Employee Benefits program is extensive and includes subsidized medical, dental and vision plans from your first day of employment, FSA, Company provided Life and AD&D Insurance as well as STD and LTD Insurance, ESPP, a 401(k) Plan with Company match, mass transit commuter benefits, cell phone reimbursement and a range of supplemental benefits that you may choose to elect. Our paid time-off benefits currently include flexible time off,  8 observed holidays as well as a floating holiday. We also have a winter office shutdown.

At Lyell, we believe that highest performing teams include people from a wide variety of backgrounds and experiences who respectfully challenge each other. We are committed to building an open, diverse and inclusive culture for all employees. Lyell is proud to be an equal opportunity employer and does not discriminate on the basis of race, color, citizenship status, national origin, ancestry, sex, sexual orientation, age, religion, creed, physical or mental disability, medical condition, marital status, veteran status or any other characteristics protected under applicable federal, state and local laws.

Your Impact

We are looking for a security compliance Program Manager who will serve as an external-facing leader for cloud service authorization and compliance activities in the US State & Local market—supporting programs like CJIS, and partnering on broader government authorization efforts (e.g., FedRAMP/GovRAMP where applicable).

This role is built for someone who can combine technical fluency with high-trust stakeholder leadership: engaging customers, auditors/assessors, authorizing bodies, and internal partners to drive predictable outcomes and strong customer experience.

What You’ll Do 

Location: This role is based out of our Seattle, WA Office and follows a hybrid schedule. We rely on in-person collaboration and ask that team members work onsite Tuesdays through Fridays, with the flexibility to work remotely on Mondays, unless there is an approved workplace accommodation. We believe that connection fuels innovation, and our in-office culture is designed to foster meaningful teamwork, mentorship, and shared success.
Reports to: Senior Director - Trust & Security
Direct Reports: 0

• Act as a primary point of contact and subject matter expert for government authorization and security compliance for Axon cloud services in the US State & Local market, including CJIS Security Policy compliance.
• Manage security compliance obligations across internal teams and external parties (customers, audit teams, authorizing bodies) to ensure commitments, timelines, and deliverables are met.
• Lead assessor/auditor readiness and coordination: evidence request intake, response SLAs, interview orchestration, stakeholder prep, and executive-level program updates.
• Own and maintain authorization and compliance documentation (policies, procedures, plans, and authorization packages as relevant), ensuring accuracy, clarity, and consistency.
• Execute and mature security assurance and compliance programs to ensure ongoing effectiveness and alignment with standards and external requirements.
• Partner with Sales/Customer Success and technical teams to support customer security conversations, procurement/contract diligence, and regulator/authorizer interactions—without overpromising and while protecting delivery reality.
• Support business continuity and incident planning, and coordinate exercises/tests with relevant stakeholders.
• Participate in risk assessments, vendor security assessments, and security awareness initiatives; help others implement security objectives cost-effectively.
• Stay current on security and compliance trends, evolving regulatory expectations, and best practices in cloud security and authorization

What You Bring

• 8+ years of experience in information security or security compliance, including leadership responsibilities in a technical environment.
• Strong organizational, communication, and program management skills; able to lead through influence across security, engineering, product, and go-to-market partners.
• Working experience with one or more of: CJIS, FedRAMP, NIST 800-53, DISA SRG, or similar compliance/authorization processes.
• Strong background in cloud security controls and experience implementing/operationalizing security requirements in cloud environments.
• Excellent presentation and stakeholder management skills, including the ability to represent the program with customers and external assessors.
• Security certifications (e.g., CISSP, CISM, CCSP, or similar).
• Experience with US state or local government security programs and/or continuous monitoring of cloud environments.
• Experience with international data security and privacy standards.

Benefits that Benefit You

• Competitive salary and 401k with employer match
• Discretionary paid time off
• Paid parental leave for all
• Medical, Dental, Vision plans
• Fitness Programs
• Emotional & Mental Wellness support
• Learning & Development programs
• Employee Resource Groups (ERGs)
• And yes, we have snacks in our offices

Benefits listed herein may vary depending on the nature of your employment and the location where you work.

WHAT WE DO

Our Security, Risk and Compliance consultants work with clients at all levels of the organization, from the C-suite to the shop floor, helping them to deliver on their most strategic initiatives. We’re known for making realistic, data-driven decisions that deliver value in tangible ways to our clients. Our clients ask for us on projects that require a superior combination of technical and business capabilities, people and management skills, and a collaborative mindset. We excel in understanding complex programs and strategic initiatives and breaking them into actionable pieces.

We are actively looking for professionals in the following areas:

• Compliance
• Information Security
• Risk Management
• Data Privacy

The ideal candidate’s experience may include but is not limited to the following:

• Management or participation in Cybersecurity, Information Security, Risk, Compliance and/or Data Privacy Programs or Projects
  • Sample projects/programs could include but are not limited to:
    • Compliance framework mapping and implementation,
    • Regulatory mapping and implementation
    • Audit, risk or regulatory remediation management,
    • Readiness for new laws and regulations,
    • Risk, Compliance or Information Security risk reporting and monitoring
    • Creation of roadmaps to mature or advance Risk, Compliance or Information Security Strategies/Programs/Controls
    • Design and enablement of cyber controls functions and processes
    • Change management related to regulatory adoption or compliance changes
    • Audit or certification readiness
  • Familiarity or direct experience with GRC/Cybersecurity solutions, tools and technologies
  • Control design or maturation for high-demand technical areas such as ERP, Identity and Access Management, Business Continuity and Resiliency, Cloud
  • Knowledge of and/or application of industry specific regulations, laws, and standards such as the EU-GDPR, CCPA/CPRA, HIPAA, PCI
  • Knowledge of and/or application of compliance and security frameworks and standards such as COSO, NIST, ISO
  • Management of regulatory, internal or external audits, or experience as an auditor
  • Projects or roles requiring coordination across lines of defense working with technical, business, compliance, risk and audit teams to deliver solutions
  • Work or projects with military or federal government agencies in Risk, Compliance or Information Security/Cyber Security sectors
  • Certifications: CIPP, CRCM, CRM, ARM, CISSP, CISM

QUALIFICATIONS

Required-

• Alignment to our core values: Excellence, Participation, Integrity, and Collaboration
• Hungry, Humble, Smart
• Demonstrated business and technology acumen
• Strong written and verbal communication skills
• Understanding and experience solving real business problems
• Proven track record of delivering results
• Experience working with and/or leading a team
• Ability to work across industries, roles, functions & technologies
• Authorization for permanent employment in the United States (this position is not eligible for immigration sponsorship)

Preferred-

• Bachelor’s degree
• 8+ years professional experience
• Experience across our service offerings

The role:

The Food Safety Associate ensures a sustainable, safe, clean, and functional environment in the CookUnity Commissary.

Responsibilities:

• Monitor food production and ensure all Chefs are adhering to food safety regulations
• Perform critical checks including refrigeration, chemical concentration and and temperature checks
• Communicate kitchen rules to Chefs as needed- gloves, hairnets, proper hand washing, cleaning of equipment, sanitizing of prep stations, etc.
• Ensures all items in coolers and freezers are appropriately labeled. (Labels must include Chef Name, Product Name and Date)
• Daily facility compliance walks including corrective actions
• Work closely with other departments such as Kitchen Operations, Supply Chain and Maintenance to correct issues affecting food safety and quality.
• Ensure the facility is always ready for inspection by local regulator or third party auditor
• Ensure all walk-in coolers and stand alone fridges remain closed and temperature is at 41 degrees or lower
• Perform weekly thermometer calibrations for Chefs and Food Safety team
• Collaborate with other members of Food Safety team in Chef and employee training on food safety and sanitation topics
• Perform facility and department audits
• Collect and provide data on cooler function and sanitary transport to operations and facilities teams

Minimum Requirements:

• Experience working in a high compliance food processing facility (USDA, FDA)
• Positive and committed to doing the right thing
• Experience working with a team in a fast paced environment
• Good communication skills and ability to speak in a professional manner to a wide range of partners and stakeholders
• Ability to build relationships and explain food safety concepts in plain language
• Ability to work independently and complete assigned duties without direct supervision
• Proficiency G Suite/Google Workspace.
• Team player with a positive, collaborative mindset
• Ability to work 30-40 hours per week.
• Bilingual English/Spanish preferred

Benefits

• Competitive hourly rates
• Medical, Dental and Vision
• 401K
• Opportunities for advancement

If you’re interested in this role, please submit your application and if we think you might be a fit, we'll get in touch with you. Thank you for your time!

CookUnity is an Equal Opportunity Employer. We are dedicated to creating a community of inclusion and an environment free from discrimination or harassment. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, sexual orientation, gender identity, national origin, citizenship status, protected veteran status, genetic information, or physical or mental disability.

WHAT WE DO

Our Security, Risk and Compliance consultants work with clients at all levels of the organization, from the C-suite to the shop floor, helping them to deliver on their most strategic initiatives. We’re known for making realistic, data-driven decisions that deliver value in tangible ways to our clients. Our clients ask for us on projects that require a superior combination of technical and business capabilities, people and management skills, and a collaborative mindset. We excel in understanding complex programs and strategic initiatives and breaking them into actionable pieces.

We are actively looking for professionals in the following areas:

• Compliance
• Information Security
• Risk Management
• Data Privacy

The ideal candidate’s experience may include but is not limited to the following:

• Management or participation in Cybersecurity, Information Security, Risk, Compliance and/or Data Privacy Programs or Projects
  • Sample projects/programs could include but are not limited to:
    • Compliance framework mapping and implementation,
    • Regulatory mapping and implementation
    • Audit, risk or regulatory remediation management,
    • Readiness for new laws and regulations,
    • Risk, Compliance or Information Security risk reporting and monitoring
    • Creation of roadmaps to mature or advance Risk, Compliance or Information Security Strategies/Programs/Controls
    • Design and enablement of cyber controls functions and processes
    • Change management related to regulatory adoption or compliance changes
    • Audit or certification readiness
  • Familiarity or direct experience with GRC/Cybersecurity solutions, tools and technologies
  • Control design or maturation for high-demand technical areas such as ERP, Identity and Access Management, Business Continuity and Resiliency, Cloud
  • Knowledge of and/or application of industry specific regulations, laws, and standards such as the EU-GDPR, CCPA/CPRA, HIPAA, PCI
  • Knowledge of and/or application of compliance and security frameworks and standards such as COSO, NIST, ISO
  • Management of regulatory, internal or external audits, or experience as an auditor
  • Projects or roles requiring coordination across lines of defense working with technical, business, compliance, risk and audit teams to deliver solutions
  • Work or projects with military or federal government agencies in Risk, Compliance or Information Security/Cyber Security sectors
  • Certifications: CIPP, CRCM, CRM, ARM, CISSP, CISM

QUALIFICATIONS

Required-

• Alignment to our core values: Excellence, Participation, Integrity, and Collaboration
• Hungry, Humble, Smart
• Demonstrated business and technology acumen
• Strong written and verbal communication skills
• Understanding and experience solving real business problems
• Proven track record of delivering results
• Experience working with and/or leading a team
• Ability to work across industries, roles, functions & technologies
• Authorization for permanent employment in the United States (this position is not eligible for immigration sponsorship)

Preferred-

• Bachelor’s degree
• 8+ years professional experience
• Experience across our service offerings

The Company collects and uses Personal Information for human resources, employment, benefits administration, and business-related purposes.  To comply with our regulatory obligations under the California Consumer Privacy Act (“CCPA”), the Company is required to notify you of the Personal Information we collect.  To access our CCPA Policy including the categories of Personal Information we collect and the purposes for which we intend to use this information, please visit SEI's Privacy Policy.