Secfix

The fastest way to get ISO 27001 compliant | Compliance & Security Automation

Senior Information Security Specialist, German-speaking

Security Engineer | Full Time | Remote | Senior | Team 11-50 | H1B No Sponsor

Location: Germany

Posted: 3 days ago

Salary: 0

Seniority: Senior

Bachelor Degree | 5 yrs exp | German | English | AWS | Azure | Cloud | Google Cloud Platform

Job Description

Senior Information Security Specialist, German-speaking

Secfix

  • Own and drive the compliance roadmap inside the Secfix platform across different compliance frameworks (ISO 27001, TISAX, SOC 2, GDPR, NIS 2, DORA, ISO 27017/27018, ISO 42001, C5, and more as we expand)
  • Implement ISO 27001 and adjacent frameworks end-to-end for customers
  • Mentor and upskill the compliance team: sharing expertise, reviewing work, and helping drive consistency in audits and customer deliverables
  • Conduct internal audits directly for strategic and complex customers, and review the internal audits performed by junior team members to drive quality and consistency
  • Act as a compliance partner to CSMs and sales reps: fast, reliable support for customer questions, and joining customer calls when deep expertise is needed
  • Own the quality of compliance content in the platform (including creating policies, evidence templates, Compliance enable playbooks for our CSMs, security awareness trainings and more)
  • Close framework gaps and incorporate auditor feedback into both team practice and platform improvements
  • Partner with product and engineering to translate compliance gaps into structured product work
  • Collaborate closely with CS, Product, and Founders to align compliance, customer, and roadmap priorities
  • Deepen relationships with our existing certification partners and train auditors on the Secfix platform so they can confidently use it during customer audits

Job Requirements

  • German (C1/C2) and English (fluent) are a must for this role
  • 5+ years of hands-on information security and GRC experience in B2B SaaS
  • Led 3+ successful ISO 27001 certification projects as an implementer and/or auditor at a startup or mid-market company
  • Hands-on experience with Secfix or a similar GRC platform
  • Cloud infrastructure readiness across AWS, Azure, and GCP; experience with posture analysis and remediation planning
  • Strong project management skills: able to break down ambiguous initiatives into concrete deliverables, prioritize ruthlessly, and ship
  • Excellent written communication, especially in producing clear, precise compliance content for diverse audiences (auditors, founders, engineers)
  • Strong ownership mindset: operates as a senior individual contributor without waiting for direction

Benefits

  • Remote Work: 100% remote work with a virtual office in Gather.
  • Competitive Salary: Industry-competitive local salaries. We pay local rates that are at or above the market. We share this philosophy with GitLab.
  • Equity: Generous equity package – we’re all owners of Secfix and beneficiaries of our collective success.
  • Mentorship: We are backed by top VCs and accelerators and have direct access to world-class mentors.
  • Development Budget: €1,000 annual personal development budget.
  • Home office Budget: Home office budget and access to co-working spaces.
  • Holidays: 26 days holiday + local public holidays.
  • Health Insurance: Comprehensive health coverage.
  • Annual Retreat: Annual retreat to build connections and inspire ideas (this year we’re headed to Milan!).
  • Company Events: Company-wide events to build relationships and have some fun!
  • Tech Equipment: Latest tech equipment (MacBook, monitors, headphones).

More Security Engineer Jobs

Information Systems Security Officer

GovCIO

GovCIO is a service-disabled-veteran-owned small business (SDVOSB) that offers technology services to improve business performance for government organizations.

Role Description

GovCIO is currently hiring for an Information Systems Security Officer (ISSO) to support our client’s contract needs. The ISSO ensures the confidentiality, integrity, and availability of HUD information systems by executing the NIST Risk Management Framework (RMF), supporting system authorization activities, conducting continuous monitoring, and coordinating remediation efforts with system owners and technical teams.

Key responsibilities include:

  • Support and execute all phases of the NIST SP 800-37 RMF lifecycle including categorization, control selection, implementation, assessment, authorization, and continuous monitoring.
  • Develop, maintain, and update RMF documentation in JCAM including System Security Plans, Security Assessment Plans, Security Assessment Reports, POA&Ms, Configuration Management Plans, Contingency Plans, Incident Response Plans, Risk Assessment documentation, and interconnection documents.
  • Establish system impact levels following FIPS 199 for confidentiality, integrity, and availability.
  • Ensure systems comply with FISMA, NIST SP 800-53 Rev 5, OMB A-130, and applicable agency cybersecurity policies.
  • Prepare and maintain Body of Evidence materials and control traceability documentation in JCAM.
  • Support Authorization to Operate (ATO), Authority to Connect (ATC), and ongoing authorization activities; maintain associated documentation in JCAM.
  • Review and analyze vulnerability scan results using Tenable Security Center.
  • Validate asset inventories and correlate system information.
  • Validate secure configuration baselines and system hardening standards.
  • Track remediation activities and ensure POA&M items and milestones are created, updated, and closed on schedule.
  • Review endpoint security posture and support investigations by correlating endpoint findings with vulnerability, configuration, and CDM data.
  • Provide security reporting, dashboards, and status updates to system owners and leadership.
  • Support configuration management processes by reviewing and assessing change requests for security impact.
  • Ensure security controls are implemented correctly during system changes, upgrades, or new deployments.
  • Stay informed on emerging cybersecurity policies, standards, and threat landscapes; provide recommendations for improving security posture.
  • Collaborate with technical and non-technical personnel to review systems, gather evidence, and communicate security requirements.

Qualifications

  • Bachelor’s degree in IT, Cybersecurity, Computer Science, or related field (or equivalent experience) with 5-8+ years (or commensurate experience).

Requirements

  • 2–3 years in an ISSO or cybersecurity compliance role supporting the RMF process.
  • Strong understanding of NIST 800-53 controls and assessment procedures.
  • Experience collecting, developing and maintaining RMF artifacts.
  • Experience managing POA&Ms and documenting remediation efforts.
  • Experience reviewing, interpreting, or validating vulnerability and configuration findings.
  • Clearance Required: Ability to obtain and maintain a HUD Public Trust clearance.

Preferred Qualifications

  • CISSP, CISM, or similar advanced certification.
  • Experience supporting federal authorization packages.
  • Familiarity with CDM reporting and continuous monitoring processes.
  • Experience supporting secure development or cloud system reviews.

Posted Salary Range: USD $90,000.00 - USD $110,000.00 /Yr.

United States
$90K - $110K / year

Security GRC Engineer

Employment Hero

Employment Hero is an HR-focused technology company on a mission to create a "better world at work" and change what people expect from employment. Beckoning qua

Role Description

Employment Hero is seeking a Security GRC Engineer to join our Information Security department. In this build-centric and technical position, you will be responsible for engineering the integrations, tooling, and automation that power our GRC program. You will collaborate with our Audit Specialist to ensure our compliance is continuous, verifiable, and automated, reducing manual effort across the board. This role offers true ownership of our compliance automation from the start. You will transform control monitoring and evidence gathering into functional code while integrating the core systems that support our certifications. This is an ideal opportunity for an engineer with a compliance background, or a GRC expert who enjoys building, to scale automated security operations within a high-growth environment.

As a GRC Analyst, you will be involved in:

Audit & Compliance Operations

  • Build and extend our in-house GRC automation platform (Python services on cloud infrastructure) that automates evidence collection, control checks, compliance letters and lost-device handling.
  • Build and run LLM-based tooling that reviews controls for evidence gaps and routes them to the right owners.
  • Own the day-to-day maintenance of Vanta: keep controls current, collect evidence from stakeholders, and manage control statuses across our certification portfolio.
  • Support audit preparation across our ISO and SOC 2 programs: prepare documentation, track auditor requests, and keep audit cycles on schedule.
  • Coordinate evidence collection and follow-ups with internal teams so that nothing is missed.
  • Maintain and report on compliance posture (control health, overdue evidence, vendor review status) to the security team.

Risk & Vendor Support

  • Assist with risk assessments: document, track, and follow up on identified risks in our GRC tooling.
  • Support third-party and vendor risk processes: coordinate vendor questionnaires, track review status, and maintain vendor registers.

Policy & BAU

  • Help maintain and review information security policies: flag outdated content, track review cycles, and support updates where needed.
  • Assist with broader GRC BAU tasks as the team’s needs evolve.

Qualifications

  • A relevant degree or certification (e.g. CompTIA Security+, ISO 27001, ISO 27701, ISO 42001 Lead Auditor, Certified in Cybersecurity).
  • A background in constructing LLM-based solutions and the ability to execute end-to-end automation of manual workflows are highly valued assets.
  • 2 – 4 years in a GRC, compliance, or audit role (analyst, coordinator, or similar).
  • Experience working in a tech, SaaS, or scale-up environment.
  • Familiarity with Vanta or similar compliance automation tools (e.g. Drata, Tugboat Logic) is a strong plus.
  • A working understanding of frameworks like ISO 27001 or SOC 2. You do not need to be an expert, but you should know the basics.
  • Exposure to privacy or AI governance frameworks such as ISO 27701, 27018, or 42001.
  • Strong attention to detail and reliable follow-through. Organised and self-directed, able to manage multiple workstreams at once.
  • Clear communicator who is comfortable chasing stakeholders, asking questions, and keeping people accountable in a friendly but persistent way.
  • Eager to learn and open to feedback, with a genuine drive to grow in information security. The technical depth can be built, the mindset needs to be there.
  • A strong focus on continuous improvement, with a proven ability to challenge the status quo constructively.

Benefits

  • You will work remotely, with the flexibility to own your time and impact.
  • You will access cutting-edge tools to amplify your work, knowledge and outputs.
  • You’ll surround yourself with ambitious, outcome-driven colleagues who challenge you to do the best work of your life.
  • You’ll own ESOP (employee share options) in one of the world’s fastest-growing tech companies.
  • You’ll also have access to a wide range of benefits that includes:
    • A very generous parental leave policy.
    • Subsidised egg freezing (so you can make the choice that’s right for you, on your terms).
    • A WFH office expense budget.
    • Outstanding learning & development opportunities.

Asia Pacific

Security Engineer II, Detection and Response

Circle

Circle helps businesses and developers harness the power of stablecoins for payments and internet commerce worldwide.

Full Time | Remote | Team 501-1,000 | Since 2013 | H1B Sponsor

Circle (NYSE: CRCL) is one of the world's leading internet financial platform companies, building the foundation of a more open, global economy through digital assets, payment applications, and programmable blockchain infrastructure. Circle's platform includes the world's largest regulated stablecoin network anchored by USDC, Circle Payments Network for global money movement, and Arc, an enterprise-grade blockchain designed to become the Economic OS for the internet. Enterprises, financial institutions, and developers use Circle to power trusted, internet-scale financial innovation. Learn more at circle.com.

What you'll be part of:

Circle is committed to visibility and stability in everything we do. As we grow as an organization, we're expanding into some of the world's strongest jurisdictions. Speed and efficiency are motivators for our success and our employees live by our company values: High Integrity, Future Forward, Multistakeholder, Mindful, and Driven by Excellence. We have built a flexible work environment where new ideas are encouraged and everyone is a stakeholder.

What you'll be responsible for:

The Circle Security Team works to protect Circle; our customers, clients, and partners; and the financial markets upon which we rely. As a member of this team, you'll lead projects and be responsible for key deliverables of the security program while collaborating across Circle teams. You will continue to learn and stay current in a fun and rapidly changing environment. Also note that this position will require you to perform on-call duties mainly during working hours to support security operations, and you will assist the team with the occasional night time and weekend incident. We would also like someone with a strong response background and some exposure to insider risk.

What you'll work on:

  • Proactively identify and respond to emerging security threats.
  • Advance deployment of AI to SOC function.
  • Help manage core tooling, such as SIEM and Orchestration platforms.
  • Identify gaps in our infrastructure, and work with business partners to gain visibility through logging and detection.
  • Respond to incidents and collaborate across teams to investigate and resolve.
  • Develop detection techniques to identify anomalous behaviors and attacks across the environment.
  • Support broader security team projects such as threat modeling, vulnerability scanning, audits, and custom tool building.
  • Take on-call shifts.

What you'll bring to Circle:

  • Strong ability to work collaboratively across teams during high-stress situations, which sometimes involves after hours work.
  • Ability to manage multiple competing priorities and use good judgment to establish order of priorities on the fly.
  • Self-motivated and creative problem-solver able to work independently with minimal guidance.
  • Experience/familiarity with Slack, Apple MacOS, and GSuite.

We're looking for strong, impactful work experience, which typically includes:

  • 2+ years of experience in detection, response, or security engineering.
  • Experience working security incidents, especially those involving engineering.
  • Experience working in an AWS + EKS environment required.
  • Hands-on experience using AI tooling both to accelerate work and to address threats, coupled with a strong understanding of the organizational risks AI introduces and strategies to defend against them.
  • Knowledge of operating systems, file systems, and memory on MacOS.
  • Programming experience in Python, Golang, or similar programming languages.
  • Professional or hobbyist blockchain exposure is preferred.

You are the right person if you:

  • View Security Detection & Response as a data and engineering problem.
  • Exude positivity.
  • Aren't afraid to share your ideas.
  • Meet problems head-on and view them as opportunities.
  • Are self-reliant and motivated.
  • Communicate fearlessly.

Circle is on a mission to create an inclusive financial future, with transparency at our core. We consider a wide variety of elements when crafting our compensation ranges and total compensation packages. Starting pay is determined by various factors, including but not limited to: relevant experience, skill set, qualifications, and other business and organizational needs. Please note that compensation ranges may differ for candidates in other locations.

Base Pay Range: $122,500 - $165,000

We are an equal opportunity employer. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status, or any other protected status required by the laws in the locations where we hire. Additionally, Circle participates in the E-Verify Program in certain locations, as required by law. Should you require accommodations or assistance in our interview process because of a disability, please reach out to accommodations@circle.com for support. We respect your privacy and will connect with you separately from our interview process to accommodate your needs.

All locations: Texas | Arizona | Oregon | Washington | California | Canada

Senior Cybersecurity Engineer

Netguru

Netguru builds software that lets people do things differently.

Contract | Remote | Team 501-1,000 | Since 2008 | H1B No Sponsor

  • Support a technical white-box security audit of our client's data and AI ecosystem.
  • Include internally hosted Google Cloud tools, data pipelines, third-party integrations, and LLM/AI agents.
  • Engage on a full-time basis for around 1 month.
  • Work during London time hours.

Poland
zł170 / hour