• As a Copy Supervisor, you’ll lead with both strategy and storytelling—bringing science and creativity together to create powerful, precise, and emotionally resonant communications. • Consistently craft clear, concise, and compelling content across audiences and channels —professional, patient, and consumer; print and digital platforms. • Oversee the tone, accuracy, and brand alignment of all copy deliverables. • Supervise and provide guidance to a team of copywriters and freelancers. • Develop core messaging platforms for assigned brands and new business opportunities. • Contribute creative and strategic solutions that help drive brand growth and client success. • Lead copy and creative discussions in internal meetings and client presentations. • Ensure all content produced under your direction meets client objectives, regulatory standards, and agency expectations. • Establish yourself as an expert on your brands —understanding the science, the market, the mindset, and the motivation behind every message. • Provide clinical insight and translate complex science into engaging, accurate storytelling. • Contribute original thinking that inspires new opportunities and helps shape the agency’s future.

• Test and evaluate the operating effectiveness of internal controls against the relevant AICPA Trust Services Criteria (TSC), including: Security, Availability, Processing Integrity, Confidentiality, Privacy. • Conduct Gap analysis and readiness assessments to identify and document gaps in the organization's existing controls. • Gather and organize sufficient and appropriate evidence to support the findings. • Compile the results of the audit into a detailed SOC 2 Type 2 report. • Provide recommendations and guidance on remediation and best practices for improving security posture. • Produce and review key performance indicators for implemented security measures and distribute KPIs. • Maintain knowledge of threat landscape by monitoring threat intelligence and other related sources.

• Lead the design, implementation, and maintenance of the ISMS in compliance with ISO 27001 standards. • Conduct risk assessments and develop risk treatment plans to mitigate information security risks. • Coordinate and conduct internal audits to ensure ongoing compliance with ISO 27001 and prepare the organization for external audits. • Develop and deliver training programs to raise awareness of information security policies and procedures across the organization. • Work closely with cross-functional teams to ensure information security is integrated into all business processes and projects. • Maintain up-to-date documentation of the ISMS, including policies, procedures, and audit records. • Monitor and report on the performance of the ISMS, including metrics and key performance indicators (KPIs). • Stay current with the latest developments in information security and ISO 27001 standards to ensure continuous improvement of the ISMS. • Provide expert guidance and support to the organization on all matters related to ISO 27001 and information security. • Collaborate with external auditors and regulatory bodies as needed.

• Assess Organizational Readiness: Evaluate current cybersecurity practices and gaps in relation to the three CMMC 2.0 levels (Foundational, Advanced, Expert) • CMMC Certification Guidance: Provide expert advice on the steps required to achieve and maintain certifications for Levels 1, 2, 3 and 4, including guidance on self-assessments, third-party certifications, and government-led assessments • Compliance Strategy: Develop a comprehensive roadmap for achieving CMMC compliance, including identifying necessary controls and policies, implementing NIST SP 800-171/800-172 requirements, and addressing Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) security • Subcontractor Oversight: Assist prime contractors in ensuring that subcontractors meet CMMC certification requirements, implementing a robust supply chain compliance management system • Incident Reporting & Continuous Compliance: Provide guidance on establishing continuous monitoring and compliance processes, including the rapid reporting of security incidents (72-hour notification) and annual affirmations of compliance • Training & Awareness: Conduct training sessions for internal teams and contractors to understand the CMMC requirements and how to implement appropriate cybersecurity controls