Position Summary
Agency seeks an experienced and highly motivated Associate Information Security Officer to join our Compliance Team. The ideal candidate will have at least five years of experience in a Governance, Risk, and Compliance (GRC) or security engineering role directly supporting frameworks such as CMMC 2.0, NIST SP 800-171, SOC 2, ISO 27001, GDPR, and HIPAA. This individual will play a critical role in helping our clients achieve and sustain compliance while implementing information security best practices.
Key Responsibilities
1. Compliance Management
• Assist clients in developing, implementing, and maintaining compliance with frameworks such as CMMC 2.0, NIST SP 800-171, SOC 2, ISO 27001, GDPR, and HIPAA.
• Conduct gap analyses, risk assessments, and readiness reviews to evaluate organizational compliance posture.
• Develop and manage security policies, standards, and procedures aligned with regulatory requirements.
2. Risk Assessment and Mitigation
• Identify and assess security risks associated with client environments and recommend mitigation strategies.
• Collaborate with clients to design and implement controls to address identified risks.
3. Audit and Certification Support
• Support clients in audit preparation, including evidence collection, control testing, and remediation tracking.
• Act as a liaison between clients and auditors during certification and assessment processes.
4. Client Advisory and Training
• Provide advisory services to clients on implementing security controls and best practices.
• Deliver training and awareness sessions on compliance and information security topics.
5. Continuous Improvement
• Monitor and stay updated on changes to relevant compliance frameworks and regulatory requirements.
• Recommend and implement improvements to internal and client-facing compliance processes.
6. Collaboration and Leadership
• Work cross-functionally with technical teams and business stakeholders to ensure compliance efforts align with organizational goals.
• Mentor junior team members and contribute to a culture of security and compliance excellence.
Qualifications
• Bachelor’s degree in Information Security, Cybersecurity, Computer Science, or a related field (or equivalent experience).
• Minimum of 5 years of experience in a GRC or security engineering role focused on frameworks such as CMMC 2.0, NIST SP 800-171, SOC 2, ISO 27001, GDPR, and HIPAA.
• Strong understanding of security principles, risk management practices, and compliance frameworks.
• Experience with security tools, technologies, and methodologies used in compliance programs.
• Familiarity with audit processes, evidence collection, and remediation tracking.
• Professional certifications such as CISSP, CISM, CRISC, or equivalent are highly preferred.
Key Skills
• Excellent written and verbal communication skills.
• Strong analytical and problem-solving abilities.
• Ability to manage multiple projects and meet deadlines in a fast-paced environment.
• Team-oriented mindset with the ability to work collaboratively across diverse teams.
• Detail-oriented with a strong commitment to quality and accuracy.
What We Offer
• Competitive salary and benefits package.
• Opportunities for professional growth and certification support.
• Collaborative and inclusive work environment.
• The chance to work with a dynamic team committed to security and compliance excellence.