• Test and evaluate the operating effectiveness of internal controls against the relevant AICPA Trust Services Criteria (TSC), including: Security, Availability, Processing Integrity, Confidentiality, Privacy. • Conduct Gap analysis and readiness assessments to identify and document gaps in the organization's existing controls. • Gather and organize sufficient and appropriate evidence to support the findings. • Compile the results of the audit into a detailed SOC 2 Type 2 report. • Provide recommendations and guidance on remediation and best practices for improving security posture. • Produce and review key performance indicators for implemented security measures and distribute KPIs. • Maintain knowledge of threat landscape by monitoring threat intelligence and other related sources.

• Lead the design, implementation, and maintenance of the ISMS in compliance with ISO 27001 standards. • Conduct risk assessments and develop risk treatment plans to mitigate information security risks. • Coordinate and conduct internal audits to ensure ongoing compliance with ISO 27001 and prepare the organization for external audits. • Develop and deliver training programs to raise awareness of information security policies and procedures across the organization. • Work closely with cross-functional teams to ensure information security is integrated into all business processes and projects. • Maintain up-to-date documentation of the ISMS, including policies, procedures, and audit records. • Monitor and report on the performance of the ISMS, including metrics and key performance indicators (KPIs). • Stay current with the latest developments in information security and ISO 27001 standards to ensure continuous improvement of the ISMS. • Provide expert guidance and support to the organization on all matters related to ISO 27001 and information security. • Collaborate with external auditors and regulatory bodies as needed.

• Assess Organizational Readiness: Evaluate current cybersecurity practices and gaps in relation to the three CMMC 2.0 levels (Foundational, Advanced, Expert) • CMMC Certification Guidance: Provide expert advice on the steps required to achieve and maintain certifications for Levels 1, 2, 3 and 4, including guidance on self-assessments, third-party certifications, and government-led assessments • Compliance Strategy: Develop a comprehensive roadmap for achieving CMMC compliance, including identifying necessary controls and policies, implementing NIST SP 800-171/800-172 requirements, and addressing Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) security • Subcontractor Oversight: Assist prime contractors in ensuring that subcontractors meet CMMC certification requirements, implementing a robust supply chain compliance management system • Incident Reporting & Continuous Compliance: Provide guidance on establishing continuous monitoring and compliance processes, including the rapid reporting of security incidents (72-hour notification) and annual affirmations of compliance • Training & Awareness: Conduct training sessions for internal teams and contractors to understand the CMMC requirements and how to implement appropriate cybersecurity controls

• Remediate digital documents of varying complexity. • Ensure compliance with WCAG 2.1 AA, Section 508, and PDF/UA accessibility standards • Remediate multiple file types, including: Microsoft Word, Excel, PowerPoint, Google Docs, Sheets, Slides, Scanned and non-scanned PDFs • Conduct quality assurance reviews to validate accuracy and accessibility • Collaborate with team members to support efficient, user-friendly submission and workflow processes • Meet turnaround timelines for both simple and complex file types