Security and Compliance Consultant

Cyber74, Wyoming, MI
Posted 2d ago, $95,000, Remote

About The Position

The vCISO and Compliance Consultant will be responsible for providing virtual Chief Information Security Officer (vCISO) services and leading information security governance, risk, and compliance initiatives for Cyber74 and New Charter Technologies Operating Company clientele. In this role, the vCISO and Compliance Consultant will help clients define and implement security strategies, roadmaps, policies, and governance structures while also performing cybersecurity readiness assessments, gap analyses, and maturity assessments using frameworks such as CMMC, the NIST Cybersecurity Framework (NIST CSF), HIPAA, and supporting standards including NIST 800-171. In addition to security program leadership and compliance oversight, the vCISO and Compliance Consultant will provide clear, actionable recommendations to clients and collaborate with Operating Company colleagues to share security trends, risks, and best practices.

Requirements

  • Experience in information security leadership and compliance-focused roles with 2–4+ years of experience performing security program management, technical security audits, and risk assessments.
  • Experience implementing and assessing controls aligned to CMMC, NIST CSF, HIPAA, and related frameworks and standards (e.g., NIST 800-171, NIST 800-53, ISO 27001).
  • Experience performing cybersecurity readiness and maturity assessments, including those aligned with CMMC, NIST CSF, and HIPAA security/privacy requirements.
  • Experience with other compliance frameworks (e.g., SOC, SOX, GDPR, FFIEC, PCI, or similar) is a plus.
  • Experience in creating Supplier Performance Risk Scores (SPRS)
  • Minimum 1+ years’ experience with cloud-based concepts with an emphasis on development and auditing AWS or Azure controls
  • Well-rounded expertise and exposure to various security technologies, including Anti-Virus, Endpoint Detection and Response (EDR), Data Loss Prevention, Intrusion Prevention, Application Whitelisting, etc.
  • Experienced at assessing on-premise systems, enterprise SaaS, and cloud offerings, including various infrastructure platforms such as Active Directory, Windows, Linux, etc.
  • Strong working knowledge of network firewalls, switches, routers, and endpoints
  • Experience working with network scanning tools such as Tenable Nessus, Qualys, or RapidFire Tools
  • Technical knowledge of network design, cloud platform architecture, and experience with information security governance programs and control framework concepts, particularly the NIST cybersecurity framework
  • Strong EQ with the ability to develop rapport and provide technical security and risk-related guidance to technical and non-technical audiences
  • Must be able to influence without authority, innovate to tackle tough problems, and communicate clearly to all levels of the organization
  • Ability to thrive in a supportive, results-oriented community, with a commitment to the relentless pursuit of continuous growth
  • Ability to coordinate multiple tasks and competing demands while working with clients, management, and project resources.

Nice To Haves

  • Highly organized and process driven, with the ability to bring structure to client security programs.
  • Affinity for technology and an interest in staying current with evolving threats, tools, and best practices.
  • Strong integrity with the ability to work in a highly confidential and trustworthy manner.
  • Collaborative and flexible with a consultative mindset, comfortable working across multiple Operating Companies and stakeholder groups.
  • Precise and detailed, delivering consistently high-quality written and verbal deliverables.
  • Comfortable balancing tactical tasks and strategic planning, and knowing when to focus on each for maximum client value.
  • Strong desire to learn, grow, and follow direction while also taking initiative to move work forward.
  • Skilled in interfacing directly with clients and cultivating a long-term trusted advisor relationship with them.
  • Servant-hearted with a focus on improving the lives and security posture of our customers in every action and interaction.
  • Certified Information Systems Auditor (CISA)
  • Certified in Risk and Information Systems Control (CRISC)
  • GIAC Security Essentials (GSEC)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Security Professional (CISSP)
  • CMMC Certified Professional (CCP)
  • CMMC Assessor (CCA)
  • Certified Ethical Hacker (CEH)
  • A+, Network+, Security+

Responsibilities

  • Serve as a virtual CISO for assigned clients, providing leadership in the development of security strategy, governance structures, and multi-year security roadmaps aligned to business goals and risk appetite.
  • Engage with clients and conduct cybersecurity readiness assessments, gap analyses, and maturity assessments using frameworks such as CMMC, NIST CSF, HIPAA, and related standards (including NIST 800-171 and NIST 800-53), and translate the results into program and project plans.
  • Consult with executive and technical stakeholders to understand key business, regulatory, and security challenges, and provide pragmatic recommendations that balance risk reduction, cost, and operational impact.
  • Develop, review, and refine client security policies, standards, and procedures, ensuring consistency with leading practices and alignment with contractual, regulatory, and customer requirements.
  • Support clients in establishing and maintaining governance mechanisms such as security steering committees, risk registers, exception and waiver processes, and formal risk acceptance documentation.
  • Prepare and deliver client-facing security reporting, including executive summaries, board-level updates, and status reports on remediation and compliance initiatives.
  • Provide oversight for remediation activities arising from assessments, audits, and incidents by prioritizing efforts, tracking progress, and validating that controls are implemented and operating as intended.
  • Maintain in-depth knowledge of security regulatory compliance requirements—with particular emphasis on CMMC, NIST CSF, and HIPAA—and translate those into practical control requirements and process improvements for clients.
  • Articulate and defend IT and security controls, testing approaches, and remediation strategies to both technical and non-technical audiences, including regulators, auditors, and customers when required.
  • Collaborate with Cyber74 and New Charter Technologies Operating Company stakeholders and personnel to share security knowledge, vulnerability and threat trends, program maturity observations, and analysis findings that can improve the broader security posture.

Benefits

  • A Fun, friendly culture
  • The ability to work from home / work remotely for nearly all positions
  • A collaborative environment where you can make an impact and help direct our future
  • Family friendly, flexible schedules
  • Company provided training and growth opportunities
  • A career path and roadmap that allows you to move up in the company and try new things
  • Flexible Responsible Time Off Policy
  • Company paid cell phone
  • 401k with Safe Harbor employer match.
  • Health/Dental/Vision Insurance
  • Gym membership reimbursement with up to $50/mo
  • Etc.