Senior Associate, Compliance as a Service

• Lead and support multiple low to moderately complex managed security compliance engagements, ensuring quality, consistency, and timeliness in all deliverables. • Execute compliance assessments, gap analyses, remediation planning, and evidence collection across frameworks such as PCI DSS, SOC 1, SOC 2, ISO 27001, ISO 27701, HITRUST, CMMC, FedRAMP, NIST CSF, and GDPR. • Develop draft policies and procedures, reports, and other common project deliverables based on established template sets. • Effectively use project management tooling (Motion) to cross-map multiple account calendars, streamline scheduling, manage and prioritize tasks, assign tasks to others, and document processes and important client information. • Effectively use GRC platforms (Drata, Anecdotes, Hyperproof) to implement and manage Compliance Operations for clients. • Make efficient use of business tools (Slack, MS Office Suite, project management platforms) to work smarter, not harder. • Communicate effectively in email, chat, meetings, and other professional settings. Never forget to send weekly status updates. • Learn and apply AI LLM prompting basics; understand when to trust AI outputs and when to be skeptical. • Support senior team members in client relationship management and contribute to expanding services within existing accounts. • Collaborate with internal teams, including audit, advisory, and offensive security, to support integrated service delivery. • Monitor regulatory developments and industry trends to stay current on compliance requirements and best practices. • Complete all CPE requirements for current certifications prior to end of Q3. • Attend firm-sponsored trainings as applicable. • Manage your schedule in ProStaff and maintain timely, accurate completion of all required compliance and training.

• Minimum of 3 years’ experience in information security, IT compliance, or a related cybersecurity role, with experience in professional services, consulting, or managed services environment. • Demonstrated experience supporting and delivering compliance engagements across one or more frameworks. • Foundational knowledge of cloud security (AWS, Azure, GCP) and securing hybrid/multi-cloud environments. • Developing familiarity with security technologies (e.g., SIEM, IDS/IPS, network security controls, encryption), how to apply them, and the risks they address. • GRC tooling expertise with at least one platform (e.g., Drata, Hyperproof, Anecdotes). • Excellent written and verbal communication skills, with the ability to articulate compliance and security topics to both technical and non-technical stakeholders.