Related skills: GDPR, ISO 27001, FedRAMP, CMMC, NIST SP 800-53

📋 Description
- Review contracts and flow-down clauses to identify cybersecurity and privacy obligations.
- Extract security requirements from contractual language and translate to testable statements.
- Map requirements to product scope, controls, and certification posture.
- Produce gap analyses, compliance matrices, and RTMs to communicate status.
- Serve as security contact for legal and sourcing during contract reviews and redlines.
- Maintain knowledge of NIST SP 800-171/800-53, NIST CSF, ISO 27001, and GDPR.
🎯 Requirements
- Five+ years in cybersecurity governance, risk, and compliance with contract analysis.
- Knowledge of NIST SP 800-171/800-53; control families and assessment procedures.
- Experience contributing to SSP/POA&M, compliance matrices, or RTMs.
- Practical experience supporting at least one formal audit, certification, or assessment (CMMC, ISO 27001, SOC 2, FedRAMP).
- Strong technical writing; concise compliance docs; writing samples may be requested.
- Bachelor’s degree in Information Security, Information Systems, or a related field; ability to translate contractual language and work cross-functionally.
🎁 Benefits
- Generous Time Off Policy
- Education Assistance Program
- Employee Stock Purchase Program (ESPP)
- Family Leave
- Fitness Reimbursement