Compliance Analyst - ISO 42001 / CMMC / SOC 2
This job is now closed
Job Description
- Req#: 10477
Position Overview
By Light is seeking a full-time Cyber Security SME to join our growing security and compliance team. This role supports By Light's Security Operations Center (SOC) and compliance initiatives, with a focus on achieving and maintaining certifications under ISO/IEC 42001 (AI Management Systems), CMMC Level 2, and SOC 2. The ideal candidate will assist in the implementation, documentation, monitoring, and continuous improvement of enterprise security controls to meet internal policy, federal requirements, and industry standards.
This is a hands-on role that blends technical knowledge, compliance strategy, audit preparation, and cross-team collaboration to ensure enterprise-wide security and assurance for AI, cloud, and IT/OT systems.
Responsibilities
- Support compliance operations aligned with ISO/IEC 42001, CMMC Level 2, and SOC 2 frameworks.
- Maintain security documentation including policies, procedures, system security plans (SSPs), plans of action and milestones (POA&Ms), and risk assessments.
- Assist in the implementation and monitoring of cybersecurity controls across cloud environments (AWS, Azure) and hybrid infrastructure.
- Collaborate with IT, engineering, and operations teams to ensure controls are enforced, evidence is collected, and remediation timelines are met.
- Develop and generate compliance metrics and dashboards using tools like Splunk and AWS CloudWatch.
- Conduct internal control reviews and gap analyses; support third-party audits and government assessments.
- Track and respond to security incidents, policy violations, and control deficiencies.
- Provide briefings, written reports, and presentations to leadership and stakeholders.
Required Experience/Qualifications
- 2+ years of experience supporting compliance efforts for one or more of the following: ISO/IEC 42001, CMMC Level 2, SOC 2, NIST SP 800-53, or NIST SP 800-171.
- Working knowledge of AWS services including EC2, S3, IAM, and CloudWatch.
- Experience using Splunk to create dashboards and compliance views for evidence tracking and control monitoring.
- Understanding of security operations and risk management in Linux and Windows environments.
- Strong technical writing and documentation skills for policies, audit artifacts, and risk assessments.
- Ability to manage multiple concurrent deadlines with minimal supervision.
Preferred Experience/Qualifications
- Familiarity with AI governance concepts and the ISO/IEC 42001 AI Management System structure.
- Experience coordinating audit readiness for FedRAMP, ISO, or DoD assessments.
- Prior work with vulnerability management, patch tracking, or compliance ticketing workflows.
- Experience working with external auditors, assessors, or federal partners.
- Experience with compliance dashboards, automated evidence collection, and reporting pipelines.
Special Requirements/Security Clearance
- ISC2 CISSP or equivalent combination of training and experience.
- CGRC