• Set the vision and operating model for Corporate Security across engineering, identity, endpoint and device security, and end-user services, aligning security outcomes with productivity and service quality. • Lead a globally distributed, multi-disciplinary organization through clear roadmaps, strong managers, measurable priorities, and high operational standards. • Own GitLab’s internal identity and access strategy across Okta, lifecycle automation, RBAC and ABAC, administrative access controls, cloud access governance, and the ongoing evolution of Identity v3. • Drive secure-by-default endpoint and device strategy across GitLab’s fleet, with particular strength in macOS, endpoint hardening, configuration management, telemetry, detection partnerships, and engineering-led change control. • Oversee end-user services and internal IT support for the company, including access management, hardware support, and support for core applications such as Google Workspace, Slack, and Zoom, while improving helpdesk effectiveness and service experience. • Build scalable onboarding, offboarding, and role-change processes that reduce risk, improve auditability, and remove friction for team members and business stakeholders. • Partner cross-functionally with Security, IT, Engineering, People, Compliance, Finance, and Legal to translate business and regulatory requirements into pragmatic controls, policies, and workflows. • Own vendor, tooling, and budget strategy for the Corporate Security estate, using metrics to improve resilience, team member experience, and risk reduction over time.

Role Description In support of our growing Risk Advisory practice, we are seeking an experienced CMMC Certified Assessor (CCA) to support and perform CMMC assessments engagements across our client base. This role is ideal for someone who enjoys hands‑on assessment work, working closely with clients, and building deep technical expertise within a collaborative environment. A Day in the Life: - Supporting and performing CMMC Level 2 assessments in alignment with CMMC and DoD requirements. - Evaluating control design and operating effectiveness and helping identify gaps and deficiencies. - Gathering, reviewing, and validating assessment evidence and maintaining clear, well‑organized documentation. - Contributing to high‑quality workpapers and assessment deliverables aligned with firm methodology and standards. - Interacting directly with client personnel to obtain evidence, clarify requirements, and answer questions. - Supporting Leads with project execution, timelines, and engagement coordination. - Staying current on evolving CMMC guidance, DoD updates, and cybersecurity compliance trends. Qualifications - Bachelor’s degree in Information Security, Information Systems, Computer Science, Cybersecurity, or a related field. - Active CCA (CMMC Certified Assessor) certification, including adjudicated Tier 3 background. - 3+ years of experience in cybersecurity, compliance, risk management, or GRC, preferably in consulting or client‑facing roles. - Hands‑on experience supporting or performing CMMC readiness efforts and/or assessments. - Working knowledge of CMMC requirements, assessment objectives, and evidence expectations. - Detail‑oriented with the ability to manage tasks across multiple engagements. - Interest in continuing to grow within CMMC and cybersecurity compliance. - Ability to travel up to 15%, as needed. - Must be authorized to work in the United States now or in the future without visa sponsorship. Benefits - Generous paid time off. - Comprehensive medical, dental, and vision insurance. - 401(k) profit sharing. - Life and disability insurance. - Lifestyle spending account. - Certification incentives. - Education assistance. - Referral program. Company Description People join Eide Bailly for the opportunities and stay because of the culture. At Eide Bailly, we've built a collaborative workplace based on integrity, authenticity, and support for one another. You'll find opportunities for education and career growth, a team dedicated to your success, and benefits that put your family's needs first. Compensation: $80,000-$125,000 Our compensation philosophy emphasizes competitive and equitable pay. Eide Bailly complies with all local/state regulations regarding displaying ranges. Final compensation decisions are dependent upon factors such as geography, experience, education, skills, and internal equity. Eide Bailly LLP is proud to be an affirmative action/equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, veteran status, or any other status protected under local, state or federal laws.

• Set up and drive the overall information security strategy. • Own the ISMS standards and their adoption, ensuring compliance with company and external requirements including SOC 2 and ISO 27001. • Organise and manage ISMS-related scheduled activities and drive continuous improvement of the ISMS. • Contribute to security architecture and design decisions. • Oversee security tooling such as EDR, SIEM, MFA, password managers, device management, and access review processes. • Act as the primary escalation point, during and outside business hours, for all major security-related incidents and events. • Coordinate and manage corrective actions and responses to security incidents. • Own security documentation, including policies, standards, exceptions, risk registers, and control evidence. • Oversee the internal risk-assessment and audit programme, supporting internal and external audits, remediating findings, and tracking control improvements to closure. • Support vendor and supplier risk management, including due diligence, sub-processor oversight, and security assessments. • Own the access control process, validate and audit access across divisions and functions. • Provide management reporting on risk posture, incidents, audit status, metrics, service trends, and improvement plans. • Work with engineering, DevOps, HR, and customer facing teams to embed controls into everyday processes. • Drive ongoing security governance improvements. • Address data privacy and data protection concerns, and manage responses to customer data privacy requests. • Act as Data Protection Officer (DPO) for the organisation if and as required. • Help enforce security policies, building adoption, embedding them in the company culture, and introducing regular checks on departmental compliance. • Own and deliver security awareness training and campaigns to strengthen the security culture. • Complete security-related sections of RFPs and customer questionnaires, build and maintain a security knowledge base, and provide assurance of the integrity, confidentiality, and availability of information owned, controlled, and processed by the organisation. • Attend meetings with customers and prospects to provide insights into how HICX implements security across the organization. • Manage a small team of IT support admins providing internal IT support to HICX employees and contractors. • Act as the escalation point for complex IT issues, incidents, and problems requiring cross-team coordination. • Ensure IT support activities align with security controls, access management, and acceptable use requirements. • Oversee onboarding, offboarding, account lifecycle management, and device provisioning/deprovisioning. • Own and maintain standard operating procedures and the operations platform. • Help balance usability, cost, and security when selecting or renewing SaaS and IT tools. • Carry out other reasonable duties as required by the Company.

• Lead Cloud & AI Security Strategy: Own and execute the strategic vision, roadmap, and operating model for Ascension's Cloud Security and AI Security programs under the Senior Director, driving secure adoption of cloud and AI technologies through risk-based priorities, measurable outcomes, and alignment with enterprise objectives. • Build and Develop High-Performing Teams: Lead, coach, and inspire Cloud Security and AI Security teams while establishing scalable operating models, conducting capacity and workforce planning, optimizing team processes, and fostering a culture of accountability, collaboration, adaptability, and continuous learning. • Drive Security Technology Strategy & Program Transformation: Develop and manage the Cloud Security & AI Security technology roadmap, including capability planning, technology evaluation, vendor selection, and oversight of implementations such as CNAPP, AI security controls, and automation capabilities. • Advance Secure Cloud & AI Enablement: Partner across technology, architecture, engineering, governance, legal, and business teams to establish security standards, risk management practices, and control requirements that enable innovation while protecting Ascension's cloud environments and AI solutions. • Measure, Communicate, and Advance Security Outcomes: Establish program metrics, key performance indicators, executive reporting, and strategic points of view to communicate risk, security posture, priorities, and program value. Develop and deliver presentations to senior management to support decision-making and drive alignment across the enterprise.