Security GRC & Compliance
Professionals in this role design and scale compliance programs that enable AI companies to operate securely across multiple regulatory frameworks—SOC 2, ISO 27001, FedRAMP, and emerging AI governance standards. Day-to-day, they conduct risk assessments, build automation to embed compliance into engineering workflows, respond to customer security questionnaires, and manage audit readiness across cloud infrastructure and AI-specific controls. What distinguishes this work is the technical depth required: rather than purely policy-focused compliance, these roles demand hands-on experience implementing controls, scripting automation, and translating complex regulatory requirements into practical controls that don't slow product velocity. They typically sit within security organizations reporting to CISOs or governance leaders, partnering closely with engineering, product, and sales teams to balance compliance rigor with business growth in fast-moving AI environments.
Skills
What companies are looking for in this role.
Implementing and auditing against security compliance frameworks such as ISO 27001, SOC 2, FedRAMP, NIST, and HIPAA
Identifying, assessing, and prioritizing organizational risks across cybersecurity, regulatory, and operational domains
Developing and maintaining security policies, procedures, and documentation aligned with regulatory requirements
Designing and implementing risk mitigation strategies including monitoring systems, contingency plans, and vulnerability management
Conducting internal and external security audits and assessments
Maintaining audit readiness through documentation, evidence management, and control demonstration
Establishing and managing control mapping, evidence standards, and testing approaches
Translating technical implementations into audit narratives and control documentation
Managing authorization and accreditation processes with government agencies and third-party assessors
Developing risk registers, risk assessment methodologies, and risk-based decision making frameworks
Responding to customer security questionnaires and RFP requests with technical accuracy and credibility
Managing vendor risk and third-party security assessments
Managing Plans of Action and Milestones and tracking remediation efforts
Designing control narratives that accurately represent technical implementation and compliance intent
Executing user access reviews and maintaining access control systems
Supporting System Security Plans, Risk Management Framework documentation, and authorization packages
Evaluating technical implementations in cloud, containerization, and CI/CD environments against compliance requirements
Designing and implementing classified information security programs and controls
Managing security awareness training programs and compliance tracking across the organization
Building and scaling compliance automation and compliance-as-code infrastructure
Automating evidence collection, monitoring, and continuous compliance using technical tools and scripting
Implementing AI governance frameworks and responsible AI compliance measures
Using AI-augmented tools and large language models to accelerate compliance documentation and analysis
Collaborating across cross-functional teams including engineering, product, sales, and legal to integrate compliance requirements
Communicating complex compliance and security concepts to technical and non-technical stakeholders
Managing program execution, timelines, and accountability for large, complex compliance initiatives
Leading and developing high-performing GRC teams with focus on quality and accountability
Driving organizational change and building a culture of compliance and security awareness
Building and maintaining customer trust through transparent security posture communication and assurance
Coaching teams on translating customer and regulatory requirements into technical and operational capabilities