The Better Way to Do Security Compliance.
Senior Security Compliance Consultant
Location: Florida
Posted: 92 days ago
Salary: 0
Seniority: Senior
Job Description
Senior Security Compliance Consultant
ASCERA
**Own The Role:**

112Cyber (formerly SP6 Cyber Risk & Compliance) is looking for a Compliance SME who wants to take the next step in their career. In this role, you will help organizations solidify and strengthen their security posture while also conducting assessments for those pursuing certification. As a member of our Compliance team, you will see your impact across the company as you take ownership of customer projects and advise our platform team on the different compliance rules. You will support Defense Industrial Base (DIB) companies to ensure they are CMMC and/or NIST SP 800-171 compliant, through pre-audit readiness and gap assessments, plans of action and milestones (POA&M) support, Compliance as a Service (CaaS), and official C3PAO assessments.

**How You'll Drive Success:**

**Advisory Services**
- Leading cybersecurity gap assessments aligned with NIST SP 800-171 and the Cybersecurity Maturity Model Certification (CMMC).
- Supporting the day-to-day activities of engagements for external clients, as a contributing member of 112Cyber's customer-facing Cyber Risk & Compliance practice.
- Assisting external customers in their FedRAMP, DFARS 252.204-7012, CMMC, and NIST SP 800-171 compliance initiatives.
- Applying cyber compliance and risk management knowledge, control principles, and technical knowledge across cyber risk and compliance engagements.
- Consulting with end clients to gather requirements and understand their key business and security challenges, and working with team members to advise on practical and cost-effective solutions that mitigate clients' cybersecurity risks.
- Applying in-depth knowledge of relevant security regulatory compliance requirements and translating those into business processes and security controls that enhance and support clients' compliance and audit capabilities.
- Articulating and defending the IT controls testing approach and performing tests of design and operating effectiveness.
- Developing and delivering training to internal teams and customers.
- Establishing and maintaining effective working relationships with colleagues, existing clients, and prospective client organizations.
- Supporting the ASCERA product team and advising them on NIST continuous monitoring software.

**C3PAO Assessments**
- Conducting formal assessments of organizations' cybersecurity practices using the CMMC Assessment Process (CAP).
- Collaborating with client organizations to plan assessments, develop assessment schedules, and ensure readiness.
- Assessing the effectiveness of security practices and ensuring they align with the CMMC practices and processes.
- Interviewing key personnel within the organization to understand how cybersecurity practices are implemented and maintained.
- Evaluating the sufficiency and adequacy of evidence to verify implementation.
- Maintaining an objective and unbiased stance during the assessment process, ensuring that conclusions are based on facts and evidence.
- Ensuring that all documentation is properly prepared for submission to eMASS if the organization is seeking certification.
Job Requirements
**To Be Successful:**
- CMMC Certified Assessor (CCA).
- Security+, CySA+, CISA, CISM, SSCP, CISSP, or other related certification.
- Minimum of 5 years of experience testing and documenting IT security controls, including experience managing and facilitating external IT audits.
- Minimum of 5 years of experience leading external or internal audits (e.g., CMMC, FedRAMP, ISO 27001, PCI).
- Minimum of 5 years of experience in cybersecurity.
- Self-driven, with a strong desire to succeed.
- Ability to engage with customers and executives and foster positive relationships.
- Exceptional communicator, able to relay complex technical concepts to a non-technical audience.
Benefits
**Why 112Cyber?**
- The chance to be part of a winning team and a premier C3PAO.
- Competitive salary.
- Quarterly bonus plan.
- Comprehensive medical, dental, and vision plans.
- 401(k) with company match.
- 30 days of annual paid time off.
- Significant training, development, and certification attainment.
- Opportunity for long-term career advancement.
- Your contributions are felt and recognized at our growing company.

**About 112Cyber:**

112Cyber is an industry-recognized C3PAO (CMMC Third-Party Assessment Organization) dedicated to assisting organizations in effectively identifying and managing cyber risks while ensuring compliance with industry standards, federal laws, and regulations.