Senior Associate, Compliance as a Service

About The Position

Requirements

• Minimum of 3 years’ experience in information security, IT compliance, or a related cybersecurity role, with experience in professional services, consulting, or managed services environment.
• Demonstrated experience supporting and delivering compliance engagements across one or more frameworks.
• Foundational knowledge of cloud security (AWS, Azure, GCP) and securing hybrid/multi-cloud environments.
• Developing familiarity with security technologies (e.g., SIEM, IDS/IPS, network security controls, encryption), how to apply them, and the risks they address.
• GRC tooling expertise with at least one platform (e.g., Drata, Hyperproof, Anecdotes).
• Excellent written and verbal communication skills, with the ability to articulate compliance and security topics to both technical and non-technical stakeholders.

Responsibilities

• Lead and support multiple low to moderately complex managed security compliance engagements, ensuring quality, consistency, and timeliness in all deliverables.
• Execute compliance assessments, gap analyses, remediation planning, and evidence collection across frameworks such as PCI DSS, SOC 1, SOC 2, ISO 27001, ISO 27701, HITRUST, CMMC, FedRAMP, NIST CSF, and GDPR.
• Develop draft policies and procedures, reports, and other common project deliverables based on established template sets.
• Effectively use project management tooling (Motion) to cross-map multiple account calendars, streamline scheduling, manage and prioritize tasks, assign tasks to others, and document processes and important client information.
• Effectively use GRC platforms (Drata, Anecdotes, Hyperproof) to implement and manage Compliance Operations for clients.
• Make efficient use of business tools (Slack, MS Office Suite, project management platforms) to work smarter, not harder.
• Communicate effectively in email, chat, meetings, and other professional settings. Never forget to send weekly status updates.
• Learn and apply AI LLM prompting basics; understand when to trust AI outputs and when to be skeptical.
• Support senior team members in client relationship management and contribute to expanding services within existing accounts.
• Collaborate with internal teams, including audit, advisory, and offensive security, to support integrated service delivery.
• Monitor regulatory developments and industry trends to stay current on compliance requirements and best practices.
• Complete all CPE requirements for current certifications prior to end of Q3.
• Attend firm-sponsored trainings as applicable.
• Manage your schedule in ProStaff and maintain timely, accurate completion of all required compliance and training.

Benefits

• Medical, Dental, and Vision Insurance on the first day of employment
• Flexible Spending Account and Dependent Care Account
• 401k with Profit Sharing
• 9+ holidays and discretionary time off structure
• Parental Leave – coverage for both primary and secondary caregivers
• Tuition Assistance Program and CPA support program with cash incentive upon completion
• Discretionary incentive compensation based on firm, group and individual performance
• Incentive compensation related to origination of new client sales
• Top rated wellness program
• Flexible working environment including remote and hybrid options