Job Description:
• Responsible for day-to-day operation of the company’s compliance and AI governance program in a regulated, government-facing environment
• Focus on translating regulatory, cybersecurity, AI governance, and audit requirements into actionable internal processes
• Coordinate audit readiness, maintaining documentation, and ensuring ongoing compliance alignment
• Partner closely with the CTO, Cloud Hosting Manager, Engineering, and Security stakeholders to support secure operations, responsible AI usage, and adherence to applicable regulatory frameworks and data protection standards
• Interpret regulatory, contractual, cybersecurity, and AI governance requirements (e.g., SOC 2, CJIS, NIST-based controls, ISO 27001, AI governance standards, state/local requirements) into internal tasks and control activities
• Coordinate audit readiness efforts, including evidence collection, organization, validation, and remediation tracking
• Serve as primary internal point of contact for auditors; support external audit processes, security assessments, and follow-up activities
• Maintain and update policies, procedures, control narratives, risk assessments, AI governance documentation, and compliance records
• Track compliance status, findings, risks, and remediation efforts; ensure timely closure of identified gaps
• Partner with Hosting, Engineering, Security, and Product teams to validate implementation of security, privacy, and AI-related controls
• Support governance and oversight of AI-related processes, including data handling, model usage, vendor assessments, and responsible AI practices
• Assist in identifying and mitigating cybersecurity, privacy, and AI-related operational risks
• Escalate ambiguous, high-risk, or non-compliant requirements and coordinate resolution activities
• Support vendor compliance reviews, security questionnaires, and third-party risk documentation requests as needed
• Assist in maintaining control mappings across multiple compliance and security frameworks
• Contribute to continuous improvement of compliance, information security, and AI governance processes
Requirements:
• 3–7+ years of experience in compliance, risk management, cybersecurity governance, audit coordination, or related function
• Working knowledge of at least one framework (SOC 2, NIST, CJIS, ISO 27001, or similar)
• Familiarity with cybersecurity governance principles, access controls, data protection practices, and risk management methodologies
• Exposure to AI governance, responsible AI practices, data privacy considerations, or emerging AI regulatory requirements preferred
• Experience supporting audits (internal or external), including evidence collection and auditor interaction
• Strong documentation skills; ability to produce clear, structured policies, procedures, and governance documentation
• Ability to interpret technical and regulatory requirements and translate them into operational tasks and controls
• Comfortable working cross-functionally with technical, security, and operational teams
• Detail-oriented with strong organizational and follow-through capabilities
• Experience in government, public sector, healthcare, or other regulated environments preferred
• Exposure to multiple frameworks or control mapping activities preferred
• Familiarity with compliance and security tools (e.g., Vanta, Drata, Wiz, Microsoft Purview, Defender, or similar platforms) preferred
• Experience supporting cloud security governance in Azure or AWS environments preferred
• Understanding of AI security, data governance, or vendor risk management practices related to AI-enabled solutions preferred
Benefits:
• Health care benefits and Insurance benefits (e.g., vision, dental, life, disability)
• Retirement benefits (e.g., 401(k))
• Paid time off
• 11 Paid holidays