Compliance Control Assessor

Job Description:
We’re seeking a Compliance Assessor with hands-on experience evaluating security controls and conducting end-to-end assessments across industry standards, frameworks, and complex technical environments. In this role, you’ll analyze applications, networks, and infrastructure to uncover weaknesses, validate controls, and provide clear, actionable remediation guidance to both technical and business stakeholders. This is an opportunity to make a real impact by strengthening security posture for high-visibility clients while growing your expertise in a fast-moving, security-focused environment.

Requirements:
-2+ years of hands-on experience performing security and privacy compliance assessments across major frameworks such as NIST 800-53, NIST CSF, HIPAA, and other industry/government standards
-Past experience creating and maintaining compliance documentation, including security plans, policies, standards, procedures, and security roadmaps
-Experience supporting audits and assessments, including evidence gathering, documentation delivery, and remediation reporting for internal or third-party reviews
-Skilled in stakeholder engagement, conducting interviews, collecting evidence, and assessing an organization’s security and privacy posture
-Working knowledge of GRC platforms and the ability to recommend or implement process improvements and automate compliance assessments

Nice to have:
-State, local and government experience specifically within compliance and regulatory environments

Responsibilities:
-Perform security and privacy compliance assessments to confirm solution compliance with different industry and government standards and frameworks (NIST 800-53, NIST CSF, MARS-E, ARC-AMPE, HIPAA)
-Prepare compliance documentation such as security plans, plan of action and milestones, security roadmaps, policies, standards, and procedures
-Support documentation delivery, evidence collection, and remediation reporting for client or third-party audits and assessments
-Collaborate with stakeholders to collect and analyze evidence required to demonstrate compliance with standards. Conduct interviews with stakeholders to gather information and assess the security and privacy posture of an organization and its systems
-Make implementation recommendations for new processes, solutions, or updates to existing solutions/processes that support adherence to industry standards and enhance an organization’s security posture
-Support the process of obtaining necessary approvals for cybersecurity artifacts (e.g., security plans, roadmap)
-Automate security and privacy compliance assessments with GRC solutions