• Own SOC 2 and HIPAA programs end-to-end • Manage auditor relationships and streamline evidence collection • Maintain continuous audit readiness via Drata • Improve audit efficiency • Own vendor compliance intake (BAAs, DPAs, security reviews) • Build and maintain a centralized vendor registry with PHI exposure mapping • Establish fast, repeatable onboarding processes • Partner with Engineering on vendor security assessments • Audit and remediate ~30 existing policies with outdated ownership structures • Replace “phantom roles” (e.g., Security Officer) with real owners • Establish a meaningful policy review cadence • Draft new policies (data retention, vendor management, access controls) • Own and operate Drata (controls, evidence, personnel tasks) • Manage Trust Center accuracy and external posture • Handle customer security questionnaires • Support Sales with compliance documentation for enterprise deals • Document PHI data flows and system boundaries • Support incident response from a compliance perspective • Stay current on HIPAA and regulatory developments

Role Description The Prevention of Sexual Abuse (PSA) Compliance Manager is responsible for managing the implementation and ongoing compliance with the Interim Final Rule (IFR) on preventing, detecting, and responding to sexual abuse and sexual harassment. This manager will actively promote a culture of safety, proactive risk management, program excellence, and ongoing regulatory readiness; and lead quality improvement activities. The ideal candidate for our program is a self-motivated and dedicated person excited and passionate about helping infants, toddlers, and families grow in development and education. You are a personable, energetic, and empathetic leader who can manage multiple staff, managers, and multiple projects in a prioritized manner to meet our internal Urban Strategies goals. Qualifications - Bachelor’s degree in behavioral sciences, human services, or social service fields - At least 1 year of experience working with child welfare standards, best practices, and compliance issues - Attention to detail - Cultural Awareness - Conflict Management - Time Management - Sexual Abuse Prevention - Safety - Leadership - Teamwork - Community Approach - Office 0365 - Driver’s License - Bilingual (English and Spanish) - Preferred Requirements - Criminal Background check - National Sex Offenders Check - TB Test - ORR pre-hire approval required Benefits - Remote work for eligible positions - Medical and Dental is paid 95% by company and 5% by employee (individual or family) - Vision is covered 100% (individual or family) - 401K matched contributions up to 4% - Employee Assistance Program - Generous vacation time (varies depending on program and position) - 9 Sick Days and 11 Holidays - Long and short-term disability provided free - Company provides laptops for positions that require them - Company issues cellphones for positions that require them Company Description Urban Strategies exists to equip, resource and connect faith- and community-based organizations so that all children and families can reach their full potential. Headquartered in Washington, D.C., our team serves in the U.S. mainland, Puerto Rico, and Central America. Company Culture - Authentic Relationships - Servant Leadership - Intentional Compassion Core Competencies - Models Urban Strategies - Works Well with Team US - Communicates Competently - Demonstrates Accountability, Responsibility, and Dependability - Delivers High Quality Work - Identifies Problems, Finds Solutions Urban Strategies provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, gender, national origin, age, sexual orientation, disability, or other legally protected classifications under applicable federal, state and local legal protections. To apply: Please visit www.urbanstrategies.us/careers Contact us with any questions at Recruiting@urbanstrategies.us Equal Opportunity Employer

Salary*: $120,000+ *Dependent upon qualifications Summit 7 is here to rise above the ordinary. The work we do here goes far beyond day-to-day projects - it further protects the US defense industrial base from cyber threats, fosters thought leadership, and creates growth opportunities. Our support staff, sales team and technicians are all coming together to make a difference. We also recognize that you're a person with life beyond work, that's why we invest in these meaningful health and welfare benefits: - Excellent health/dental benefits from BCBS and Ameritas - See into the future with our luxurious VSP vision benefits - Prepare for the long-haul courtesy of our 401k with company matching - Unlimited mobile phone plan - 10 days' vacation, 7 days sick time - Bonuses and salary increase potential via our certifications plan We do cool work here, defying expectations by simply being who we are - each of us makes an impact. Essential Functions The Senior Compliance Analyst assists Summit 7 and our clients in meeting key cybersecurity compliance initiatives including Cybersecurity Maturity Model Certification (CMMC) certification documentation preparation, readiness, and assessment activities. Candidates with more experience will be considered at a senior level. Duties and Responsibilities - Review, develop, update, and/or maintain cyber security documentation which may include policies, plans, procedures, checklists, and work instructions - Assist in development and maintenance of System Security Plans, Plans of Action and Milestones (POA&MS), security and compliance-related information system monitoring schedules and related tasks - Participate in security assessments including coordination, evaluation of on premises and cloud environments, collection of evidence and artifacts, and documenting results - Work collaboratively with internal teams to maintain applied knowledge of NIST 800-171, DFARS 252.204-7012 and other associated standards and regulations related to CMMC certification - Leverage growing knowledge and expertise to identify client problem areas and collaborate to provide effective suggestions for solutions - Other duties as assigned Requirements - Associate's degree in information technology, communications, or related fields with 3+ years of relevant experience, or a combination of industry certifications and experience that equates to that knowledge - Demonstrated understanding of NIST SP.800-171, NIST SP.800-171A, NIST SP.800-53, NIST SP.800-53A, FedRAMP and/or other similar federal government regulations and industry standards - CMMC Certified Professional (CCP). Highly qualified candidates who do not possess this certification may be considered - they must obtain within 6 months of hire at their own cost. - Ability to pass an extensive background check - Strong written and interpersonal communication skills; experience with technical writing, procedure and policy writing preferred - Excellent organizational skills with ability to prioritize - Proficient in Microsoft Office Online/Microsoft 365 (Word, PowerPoint, Excel, Outlook) - Creative and innovative thinking, problem solving and analytical skills - Possess strong customer service skills and customer-focused mindset - Must maintain a high degree of integrity, confidentiality, and privacy - Desire to ask questions and learn quickly - Working understanding of IT and Infrastructure acronyms and definitions Export Control Notice: This position may involve access to information subject to U.S. export control laws, including the International Traffic in Arms Regulations (ITAR) or the Export Administration Regulations (EAR). Qualified applicants will be considered regardless of national origin or immigration status. If a candidate does not meet the definition of a "U.S. Person" (as defined in 22 CFR § 120.15), the company will assess whether an export license is required. If a license is required, any offer of employment will be contingent upon the candidate's eligibility for, and the company's ability to obtain, such a license in accordance with U.S. law. A "U.S. Person" includes U.S. citizens, lawful permanent residents, asylees, and refugees. Summit 7 Systems is an equal opportunity/ affirmative action employer and an alcohol and drug free workplace. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status Summit 7 Systems requires background investigations. Any offer of employment is contingent upon the results of a reference/background check. We are a drug and alcohol-free workplace and require pre-employment drug screening.

• Serve as a primary point of contact for risk assessments related to DCX systems, tools, and processes • Conduct risk assessments, including third-party and vendor reviews • Maintain and update the risk register, mitigation plans, and risk status tracking • Monitor organizational and system changes to identify emerging risks • Support internal and external audits (e.g., NIST, SOC2) through evidence collection and reporting • Maintain compliance alignment with: NIST Cybersecurity Framework, SOC2, ISO/IEC 27001, Data Privacy Act and applicable privacy regulations. • Track audit findings and follow up on remediation activities. • Support employee risk and security awareness initiatives, including training compliance and campaigns. • Track and report GRC KPIs, metrics, and trends. • Prepare monthly GRC summary reports for leadership. • Collaborate with other departments to provide GRC advisory and consultation services. • Extend GRC support to other departments by assisting with process risk reviews and compliance guidance. • Perform other tasks analogous to the foregoing.