• Run FedRAMP Continuous Monitoring (ConMon) processes and ensure successful monthly reviews with ExtraHop and agency stakeholders; manage asset inventory, vulnerability scan findings, and the Plan of Action & Milestones (POA&M) document • Manage vulnerability detection and response pipelines, including tools, reporting and tracking • Lead the vulnerability management lifecycle: triage, reporting, coordination with system owners, and remediation tracking • Develop and provide vulnerability findings and responses for internal and external stakeholders, including customers • Collaborate with the Director of Product Security to handle customer and pre-sales security inquiries • Assist in addressing compliance requirements for various standards, (e.g., CSA STAR, ISO 27001, DoDIN APL, NIAP, FIPS, CMMC, IL4), supporting gap assessments and facilitating audits (including coordinating evidence collection and submission) • Develop a product security compliance roadmap and coordinate key activities across the organization to achieve milestones • Collaborate with Product Security team members to develop and improve standards, policies, procedures, documentation, and training • Work with security information & event management (SIEM) tooling and other systems to perform security investigations • Perform and/or lead security incident response activities • Participate in an on-call rotation with occasional after-hours paging to review carefully prioritized security detections

Role Description At Machinify, we’re building a robust security program to protect our clients’ sensitive healthcare data and maintain the highest standards of information security. As part of the Security team, you will play a central role in managing our security assurance operations — helping ensure that customer requests, audit activities, and compliance processes run smoothly and efficiently. This is an entry-level role suited for someone detail-oriented, hardworking, and intellectually curious. A background in cybersecurity is helpful but not required. We’ll consider candidates with experience in business operations, finance, accounting, or related fields who demonstrate strong organizational instincts and a commitment to doing things right. What You’ll Do - Security Assurance Operations (60% of role) - Own the intake process for security assurance requests: review incoming tickets, triage and prioritize work, assign tasks to the appropriate team members, and track requests to resolution. - Resolve routine and straightforward security inquiries and questionnaire items independently. - Communicate clearly with internal stakeholders and customers throughout the assurance process, setting expectations and providing status updates. - Respond to customer security questionnaires and audit requests with accuracy and timeliness, escalating complex items as appropriate. - Maintain the security documentation repository and ensure materials are current and accessible. - Support customer-facing security calls and presentations alongside senior team members. - Audit and Compliance Support (25% of role) - Assist with HITRUST r2 and SOC 2 audit preparation and evidence collection. - Help coordinate audit activities across internal teams, tracking open items and deadlines. - Support access review processes and other recurring compliance activities. - Assist with security policy and procedure maintenance. - General Security Program Support (15% of role) - Track and report on security metrics and assurance request status. - Support vendor risk assessment activities. - Assist with security awareness efforts and documentation as needed. - Participate in security incident response when needed. Qualifications - Bachelor’s degree in Information Security, Business, Operations, Finance, Accounting, or a related field, or equivalent work experience. - Strong attention to detail and follow-through — you catch things others miss and see tasks through to completion. - Excellent written and verbal communication skills, including comfort communicating with external clients. - Ability to manage multiple concurrent requests and prioritize effectively in a fast-paced environment. - Strong problem-solving orientation; you approach unfamiliar situations with curiosity and good judgment. - Proficiency with productivity and work-tracking tools (ticketing systems, spreadsheets, document management). Requirements - 1–2 years of experience in operations, compliance, audit support, finance, or a related field. - Exposure to information security concepts, frameworks (NIST, HITRUST, SOC 2), or HIPAA compliance. - Experience in healthcare, healthcare technology, or working with regulated data environments. - Familiarity with GRC or security assurance workflows. Benefits - Work from anywhere in the US! Machinify is digital-first. - Top Medical/Dental/Vision offerings. - FSA/HSA. - Tuition reimbursement. - Competitive salary, 401(k) with company match. - Additional health and wellness benefits and perks. - Flexible and trusting environment where you’ll feel empowered to do your best work.

• Apoiar a equipe comercial na qualificação, apresentação e proposição de soluções de segurança que sejam aderentes a necessidade dos clientes; • Realizar adoção de soluções de segurança implantadas, potencializando o benefício das soluções para os clientes; • Desenvolver projetos técnicos detalhados, prezando pela aderência e adequação às características de cada cliente; • Realizar a implantação de soluções de segurança no ambiente dos clientes de acordo com boas práticas recomendadas e procedimentos internos da Teltec; • Executar atividades corretivas ou evolutivas no ambiente de infraestrutura dos clientes; • Documentar atividades e trabalhos realizados nos projetos durante a fase comercial e após a implantação dos projetos; • Realizar treinamentos técnicos orientados a soluções específicas dos clientes; • Atender solicitações técnicas de 3º nível originadas pelo Service desk; • Promover conhecimento aos analistas, transferindo e multiplicando seu conhecimento e experiência dentro da equipe.

Role Description Responsible for day-to-day operation of the company’s compliance and AI governance program in a regulated, government-facing environment. This role focuses on translating regulatory, cybersecurity, AI governance, and audit requirements into actionable internal processes, coordinating audit readiness, maintaining documentation, and ensuring ongoing compliance alignment. The position partners closely with the CTO, Cloud Hosting Manager, Engineering, and Security stakeholders to support secure operations, responsible AI usage, and adherence to applicable regulatory frameworks and data protection standards. - Interpret regulatory, contractual, cybersecurity, and AI governance requirements (e.g., SOC 2, CJIS, NIST-based controls, ISO 27001, AI governance standards, state/local requirements) into internal tasks and control activities - Coordinate audit readiness efforts, including evidence collection, organization, validation, and remediation tracking - Serve as primary internal point of contact for auditors; support external audit processes, security assessments, and follow-up activities - Maintain and update policies, procedures, control narratives, risk assessments, AI governance documentation, and compliance records - Track compliance status, findings, risks, and remediation efforts; ensure timely closure of identified gaps - Partner with Hosting, Engineering, Security, and Product teams to validate implementation of security, privacy, and AI-related controls - Support governance and oversight of AI-related processes, including data handling, model usage, vendor assessments, and responsible AI practices - Assist in identifying and mitigating cybersecurity, privacy, and AI-related operational risks - Escalate ambiguous, high-risk, or non-compliant requirements and coordinate resolution activities - Support vendor compliance reviews, security questionnaires, and third-party risk documentation requests as needed - Assist in maintaining control mappings across multiple compliance and security frameworks - Contribute to continuous improvement of compliance, information security, and AI governance processes Qualifications - 3–7+ years of experience in compliance, risk management, cybersecurity governance, audit coordination, or related function - Working knowledge of at least one framework (SOC 2, NIST, CJIS, ISO 27001, or similar) - Familiarity with cybersecurity governance principles, access controls, data protection practices, and risk management methodologies - Exposure to AI governance, responsible AI practices, data privacy considerations, or emerging AI regulatory requirements preferred - Experience supporting audits (internal or external), including evidence collection and auditor interaction - Strong documentation skills; ability to produce clear, structured policies, procedures, and governance documentation - Ability to interpret technical and regulatory requirements and translate them into operational tasks and controls - Comfortable working cross-functionally with technical, security, and operational teams - Detail-oriented with strong organizational and follow-through capabilities Requirements - Experience in government, public sector, healthcare, or other regulated environments - Exposure to multiple frameworks or control mapping activities - Familiarity with compliance and security tools (e.g., Vanta, Drata, Wiz, Microsoft Purview, Defender, or similar platforms) - Experience supporting cloud security governance in Azure or AWS environments - Understanding of AI security, data governance, or vendor risk management practices related to AI-enabled solutions Benefits - Health care benefits and Insurance benefits (e.g., vision, dental, life, disability) - Retirement benefits (e.g., 401(k)) - Paid time off - 11 Paid holidays