Position Summary

Responsible for day-to-day operation of the company’s compliance and AI governance program in a regulated, government-facing environment. This role focuses on translating regulatory, cybersecurity, AI governance, and audit requirements into actionable internal processes, coordinating audit readiness, maintaining documentation, and ensuring ongoing compliance alignment. The position partners closely with the CTO, Cloud Hosting Manager, Engineering, and Security stakeholders to support secure operations, responsible AI usage, and adherence to applicable regulatory frameworks and data protection standards.

Duties and Responsibilities

•Interpret regulatory, contractual, cybersecurity, and AI governance requirements (e.g., SOC 2, CJIS, NIST-based controls, ISO 27001, AI governance standards, state/local requirements) into internal tasks and control activities
• Coordinate audit readiness efforts, including evidence collection, organization, validation, and remediation tracking
• Serve as primary internal point of contact for auditors; support external audit processes, security assessments, and follow-up activities
• Maintain and update policies, procedures, control narratives, risk assessments, AI governance documentation, and compliance records
• Track compliance status, findings, risks, and remediation efforts; ensure timely closure of identified gaps
• Partner with Hosting, Engineering, Security, and Product teams to validate implementation of security, privacy, and AI-related controls
• Support governance and oversight of AI-related processes, including data handling, model usage, vendor assessments, and responsible AI practices
• Assist in identifying and mitigating cybersecurity, privacy, and AI-related operational risks
• Escalate ambiguous, high-risk, or non-compliant requirements and coordinate resolution activities
• Support vendor compliance reviews, security questionnaires, and third-party risk documentation requests as needed
• Assist in maintaining control mappings across multiple compliance and security frameworks
• Contribute to continuous improvement of compliance, information security, and AI governance processes

Supervisory Responsibilities

· None

Requirements

Required Education and Experience

• 3–7+ years of experience in compliance, risk management, cybersecurity governance, audit coordination, or related function
• Working knowledge of at least one framework (SOC 2, NIST, CJIS, ISO 27001, or similar)
• Familiarity with cybersecurity governance principles, access controls, data protection practices, and risk management methodologies
• Exposure to AI governance, responsible AI practices, data privacy considerations, or emerging AI regulatory requirements preferred
• Experience supporting audits (internal or external), including evidence collection and auditor interaction
• Strong documentation skills; ability to produce clear, structured policies, procedures, and governance documentation
• Ability to interpret technical and regulatory requirements and translate them into operational tasks and controls
• Comfortable working cross-functionally with technical, security, and operational teams
• Detail-oriented with strong organizational and follow-through capabilities

Preferred Education and Experience

• Experience in government, public sector, healthcare, or other regulated environments
• Exposure to multiple frameworks or control mapping activities
• Familiarity with compliance and security tools (e.g., Vanta, Drata, Wiz, Microsoft Purview, Defender, or similar platforms)
• Experience supporting cloud security governance in Azure or AWS environments
• Understanding of AI security, data governance, or vendor risk management practices related to AI-enabled solutions

Travel Required