Hotman Group, LLC

• Support client engagements related to CMMC readiness, implementation, and documentation • Develop, update, and maintain System Security Plans • Assist with NIST SP 800-171, NIST SP 800-53, and FedRAMP documentation, control mapping, and related deliverables • Gather, organize, and review evidence supporting control implementation • Support CUI scoping discussions, boundary definition, and enclave design • Draft and refine control narratives, policies, procedures, and related compliance documentation • Identify gaps and support development of POA&Ms and remediation tracking • Work directly with client stakeholders to collect information, validate details, and keep deliverables moving • Contribute to readiness efforts tied to assessments, documentation, and ongoing compliance activities • Participate in peer review of deliverables before they go to clients — your work will be reviewed and you will review others

• Own the new business pipeline end to end, working within our defined sales process and in coordination with our Partners and SMEs • Research target companies, build prospect lists, and identify the right decision-makers • Execute consistent outbound through LinkedIn, email, phone, networking, and events • Qualify prospects based on our ICP and service fit • Move qualified deals through our sales process: qualification, scoping call, proposal co-presentation with a Partner and SME, and close • Represent the Hotman Group brand in a credible, consultative, and relationship-driven manner • Attend periodic partner and client events • Maintain accurate pipeline data and weekly activity reporting in Pipedrive

• Identify and research prospects who fit our ICP. • Build targeted lead lists from scratch using LinkedIn Sales Navigator, Apollo, Crunchbase, and other tools. • Craft personalized outreach that grabs attention and sparks interest. • Make cold calls, leave thoughtful voicemails, and keep the energy high. • Run multi-channel sequences across email, LinkedIn, phone, and text to break through the noise. • Book and set up intro meetings for HG’s partners and subject matter experts. • Track and report activity in Pipedrive, sharing weekly updates on progress and wins. • Look for ways to work smarter, using automation and efficiency where possible.

• Assess and improve client security and IT controls • Develop policies, processes, and risk assessments aligned to top frameworks including NIST, ISO 27001, and SOC 2 • Document security requirements, support control implementation, and help track remediation progress • Build risk registers, support assessments, and monitor remediation progress • Work hands-on with GRC tools and contribute to solutions for complex client challenges • Translate technical and regulatory requirements into clear, actionable steps for clients • Participate in peer review of deliverables before going to clients.

• Lead assessments and audits of security and IT control environments • Design, implement, and mature cybersecurity and compliance programs • Develop risk registers, conduct risk assessments, and track remediation efforts • Create and refine policies, standards, and procedures aligned with top frameworks including SOC 2, ISO 27001, NIST CSF, HIPAA, HITRUST, CMMC, and others • Prepare clients for internal audits and external assessments • Translate technical, regulatory, and business requirements into clear, actionable deliverables for client stakeholders • Communicate findings, manage client feedback, and drive outcomes even when stakeholders push back • Mentor junior analysts and contribute to the growth of our GRC practice • Participate in peer review of deliverables before they go to clients.