Experience level filter
Job type filter
Client history filter
Project length filter
Hours per week filter
  • Hourly
  • Expert
  • Est. time: More than 6 months, 30+ hrs/week

CMMC Level 2 Compliance Consultant Needed ABOUT THIS ROLE We are looking for a cybersecurity compliance professional with direct hands-on experience guiding Department of Defense contractors through CMMC Level 2 certification. We need someone who has already taken at least one company through this process from start to finish, not someone who is studying for credentials or new to the field. RESPONSIBILITIES Assess organizations against CMMC Level 2 requirements Identify gaps and build remediation roadmaps Develop and review security documentation including system security plans and action plans Help organizations collect evidence and prepare for third party audits Define assessment scope and document information flow Develop security policies and procedures aligned to Level 2 requirements REQUIRED QUALIFICATIONS Current and active CMMC credential such as Certified CMMC Assessor or Certified CMMC Professional Proven experience completing at least one CMMC Level 2 engagement from gap analysis through final assessment Strong knowledge of NIST framework and its security practices Experience writing system security plans, action plans, and compliance documentation Ability to explain compliance requirements clearly to both technical and non-technical audiences PREFERRED QUALIFICATIONS Experience with security configuration benchmarks and device hardening Background in virtual CISO services or security program development Prior military IT or information assurance experience Additional security certifications such as CompTIA Security Plus or CISSP YOUR PROPOSAL Please describe your current CMMC credentials and share a brief summary of a Level 2 engagement you have completed.

Posted last month
  • Hourly: $30.00 - $60.00
  • Intermediate
  • Est. time: More than 6 months, 30+ hrs/week

The Information Security Analyst partners with business units, IT, DevOps, and third-party vendors to maintain and continuously strengthen the organization's security posture and regulatory compliance. This role demands deep technical expertise across cloud environments, operational security, risk management, and data privacy. Key Responsibilities Security Operations & Monitoring - Monitor and analyze security alerts from SIEM and other detection tools; tune rules and enhance detection capabilities to reduce false positives and improve threat visibility. - Identify gaps and implement those at endpoint, SIEM, network devices to guarantee log collection and alerting for current threats - Participate in and continuously improve incident response, business continuity, and disaster recovery exercises. - Stay current on emerging threats, vulnerabilities, and attack techniques; translate intelligence into actionable defensive recommendations. - Collaborate with CISO and IT to ensure secure design and deployment of systems, networks, and cloud environments. - Support system administrators with security policy deployment and configuration aligned to company standards and industry benchmarks (e.g., CIS). Compliance - Lead and support technical compliance activities for applicable frameworks (GDPR, HIPAA, PII, SOC 2, CIS); identify control gaps, implement remediation, and gather audit evidence. Validate that controls have been implemented, are functioning and obtain evidence as needed for internal and external audits - Perform internal access control reviews and spot audits to verify policy adherence and data protection standards. Reporting - Prepare executive-ready reports documenting security metrics, threat activity, and audit outcomes for leadership and senior IT staff. Required Qualifications & Skills - Bachelor's degree in Computer Science, Information Security, or a closely related field. - 5+ years of progressive experience in an information security role, including hands-on implementation of security controls. - Strong technical foundation in IT systems, network security, cloud security (AWS, Azure, or GCP), and infrastructure hardening. - Hands-on experience with endpoint protection platforms, SIEM solutions, and log analysis. - Solid understanding of identity and access management (IAM), encryption, and authentication frameworks. - Proficiency with compliance frameworks: GDPR, US data privacy laws, HIPAA, SOC 2, and CIS Controls. - Relevant certifications such as CISSP, CISM, CEH, SANS GIAC, or equivalent. - Excellent analytical, problem-solving, and written/verbal communication skills. - Proven ability to work independently across remote or distributed teams. - Sound judgment, high integrity, and a self-motivated approach to continuous learning. - Flexibility to adjust to different priorities quickly

  • Hourly: $40.00 - $60.00
  • Intermediate
  • Est. time: More than 6 months, Less than 30 hrs/week

Mostro Cybersecurity helps mortgage brokers, RIAs, and financial advisors achieve elite security compliance. We're looking for a part-time Compliance & GRC Specialist (15–20 hrs/week) to own our client compliance programs. MUST HAVES: US or Canada-based 3+ years in compliance, GRC, or security operations Experience with at least 2 of: FTC Safeguards Rule, SOC 2, NIST CSF Hands-on experience with GRC platforms (ControlMap, Vanta, Drata, or similar) Experience running and interpreting penetration tests Strong English (policy reading/writing is core to this role) WHAT YOU'LL DO: Manage compliance workflows for 3–4 client accounts inside ControlMap Run Threatmate pen tests and create client remediation roadmaps Build FTC Safeguards, SOC 2, and NIST CSF compliance programs Conduct gap assessments, evidence collection, and policy reviews Prepare clients for audits and regulatory scrutiny RATE: $40–$60/hour depending on experience TO APPLY: Tell us about your experience with FTC, SOC 2, or NIST and your experience with GRC platforms. Include your rate and availability.

  • Hourly: $140.00 - $150.00
  • Intermediate
  • Est. time: 3 to 6 months, Less than 30 hrs/week

Join Corestead Consulting Group in supporting a community health center (FQHC) to enhance its security posture. As a Virtual CISO / Security Risk Lead, you will oversee security risk management and ensure compliance with healthcare regulations. Your expertise will help protect sensitive data and maintain the integrity of the center's operations.

Posted last month
  • Hourly
  • Intermediate
  • Est. time: More than 6 months, 30+ hrs/week

The Information Security Analyst partners with business units, IT, DevOps, and third-party vendors to maintain and continuously strengthen the organization's security posture and regulatory compliance. This role demands deep technical expertise across cloud environments, operational security, risk management, and data privacy — paired with the maturity to lead initiatives, influence stakeholders, and drive measurable improvements to the Information Security Management System (ISMS). Key Responsibilities Security Operations & Monitoring - Monitor and analyze security alerts from SIEM and other detection tools; tune rules and enhance detection capabilities to reduce false positives and improve threat visibility. - Lead vulnerability assessments across network, infrastructure, OS, and applications; track findings through to validated remediation. - Ensure timely patching and system hardening across all infrastructure layers, including endpoints, servers, and cloud workloads. - Participate in and continuously improve incident response, business continuity, and disaster recovery exercises. - Stay current on emerging threats, vulnerabilities, and attack techniques; translate intelligence into actionable defensive recommendations. Application & Cloud Security - Advise DevOps and Engineering teams on secure architecture, secure-by-design principles, and common application vulnerabilities (OWASP Top 10, etc.). - Conduct application security assessments, code reviews, and penetration test coordination; drive remediation with development teams. - Collaborate with IT to ensure secure design and deployment of systems, networks, and cloud environments. - Support system administrators with security policy deployment and configuration aligned to company standards and industry benchmarks (e.g., CIS). Compliance & Risk Management - Lead and support technical compliance activities for applicable frameworks (GDPR, HIPAA, PII, SOC 2, CIS); identify control gaps, implement remediation, and gather audit evidence. - Perform internal access control reviews and spot audits to verify policy adherence and data protection standards. - Assess third-party and external vendors for alignment with the ISMS; maintain vendor risk documentation and escalate material findings. - Assist in designing, maintaining, and continuously improving the ISMS to reflect the evolving risk landscape. - Prepare executive-ready reports documenting security metrics, threat activity, and audit outcomes for leadership and senior IT staff. Security Awareness & Training - Develop and deliver effective security awareness training and educational materials covering general cybersecurity hygiene, PHI handling, and HIPAA compliance. - Champion a security-first culture by engaging employees at all levels with relevant, practical guidance. Required Qualifications & Skills - Bachelor's degree in Computer Science, Information Security, or a closely related field. - 5+ years of progressive experience in an information security role, including hands-on implementation of security controls. - Strong technical foundation in IT systems, network security, cloud security (AWS, Azure, or GCP), and infrastructure hardening. - Hands-on experience with endpoint protection platforms, SIEM solutions, and log analysis. - Solid understanding of identity and access management (IAM), encryption, and authentication frameworks. - Familiarity with secure coding practices and common application-layer vulnerabilities. - Experience conducting vendor risk assessments and managing third-party security relationships. - Proficiency with compliance frameworks: GDPR, US data privacy laws, HIPAA, SOC 2, and CIS Controls. - Relevant certifications such as CISSP, CISM, CEH, SANS GIAC, or equivalent. - Excellent analytical, problem-solving, and written/verbal communication skills. - Proven ability to work independently across remote or distributed teams. - Sound judgment, high integrity, and a self-motivated approach to continuous learning.

  • Hourly: $100.00 - $160.00
  • Expert
  • Est. time: More than 6 months, 30+ hrs/week

Senior, United States based Security and Compliance Lead to own the security architecture and compliance posture of an enterprise ArcGIS digital twin platform for a critical infrastructure client (a major United States public port authority, named under NDA). Built natively on ArcGIS Enterprise; government grade security required. You will own: ISO 27001 and 27002 ISMS documentation; NIST digital identity controls (assurance levels IAL2, AAL2, FAL2); Zero Trust architecture; Azure AD (Entra) single sign on, MFA, role based access, and identity provisioning; strong encryption at rest and in transit; incident response runbooks and a controls compliance matrix; monthly access audits; CONUS only data residency. Required: Active CISSP; ISO 27001 Lead Implementer; NIST digital identity practitioner experience; commercial cloud security (Azure preferred); enterprise or government security leadership; United States based (mandatory, no offshore); To apply: List your CISSP, ISO 27001 Lead Implementer, and NIST digital identity credentials with dates; describe one ISMS or identity controls implementation you led, including cloud platform and client scale; confirm you are United States based

  • Hourly
  • Expert
  • Est. time: 1 to 3 months, Less than 30 hrs/week

We are a US-based company looking for an experienced compliance and certification consultant/team to help us achieve the following certifications: • ISO 27001
• SOC 2 Type II Scope of Work: * Conduct gap assessment and readiness review * Assist with security policies and documentation * Guide implementation of required controls and processes * Support audit preparation and evidence collection * Coordinate with auditors and ensure successful certification completion * Recommend compliance best practices for a growing organization Requirements: * Proven experience delivering ISO 27001 and SOC 2 Type II certifications * Strong understanding of cybersecurity, risk management, and compliance frameworks * Prior experience with US-based companies preferred * Ability to provide timelines, implementation approach, and estimated costs Please include: * Your previous certification projects * Estimated timeline for completion * Tools/frameworks you use * Any relevant certifications or credentials We are looking for a reliable long-term compliance partner who can guide us from assessment through certification.

  • Hourly: $80.00 - $125.00
  • Expert
  • Est. time: More than 6 months, 30+ hrs/week

Company Overview Regie.ai is an AI-native SaaS platform (Series B) that helps sales teams automate and personalize their outreach. As an engineering-led organization, we prioritize security and compliance as a core pillar of our customer trust and product excellence. Role Summary We are seeking an experienced Fractional CISO to lead our security and compliance strategy. This is a part-time, long-term engagement (approximately 20–40 hours per month). You will own our compliance roadmap, serve as the primary security contact for our enterprise customers, and ensure our infrastructure remains audit-ready. Key Responsibilities • Compliance Leadership (SOC 2 & Beyond): - Oversee and drive the continuous monitoring and annual renewal of our SOC 2 Type II certification. - Maintain and update internal security policies to align with evolving regulatory requirements and industry best practices. • Data Privacy & Legal Support: - Manage DPA (Data Processing Addendum) reviews and related privacy compliance tasks. - Ensure the organization adheres to GDPR, CCPA, and other relevant data protection frameworks. • Sales Enablement & Customer Trust: - Own the completion of Security & Compliance Questionnaires from prospective and current enterprise customers. - Join customer calls as the technical security expert to address high-level concerns regarding our security posture and data handling. • Strategic Security Advisory: - Partner with the Head of Engineering to identify and mitigate infrastructure risks. - Provide guidance on security tooling, threat modeling, and incident response readiness. Qualifications • Experience: 10+ years in information security, with at least 3+ years in a CISO or Head of Security role (ideally within the SaaS/AI space). • Compliance Expert: Proven track record of managing SOC 2 audits from start to finish. • Customer-Facing: Excellent communication skills with the ability to translate complex security concepts for non-technical stakeholders and enterprise legal teams. • Technical Depth: Familiarity with AWS cloud security, MongoDB atlas environments, and modern AI/LLM security considerations.

Posted 4 weeks ago
  • Fixed price
  • Expert
  • Est. budget: $200.00

- AWS security group and VPC remediation - Using Vanta to keep track of remediated items for SOC2 compliance audit - Create audit reports and provide strategy to correct security failures per NIST and SOC2 standards.

  • Hourly
  • Intermediate
  • Est. time: 3 to 6 months, Less than 30 hrs/week

Senior Electronic Security Systems Consultant (Access Control & Video Surveillance) We are seeking an experienced consultant with a strong background in electronic security systems engineering to review and provide technical quality assurance on enterprise security standards and implementation documentation. This is not a cybersecurity, IT security, software QA, or penetration testing role. The work involves reviewing technical documentation related to enterprise access control, video surveillance (CCTV), intrusion detection, door hardware interfaces, power systems, and security infrastructure used in large corporate campuses and data centers. Responsibilities * Review technical standards, implementation guides, and engineering documentation. * Validate technical accuracy, completeness, and consistency. * Identify design gaps and recommend improvements based on industry best practices. * Provide practical feedback based on real-world deployment experience. Desired Experience * 10+ years designing or engineering enterprise electronic security systems. * Experience with enterprise access control, CCTV, intrusion detection, and supporting infrastructure. * Experience developing or reviewing technical standards, implementation guides, or engineering documentation. * Experience supporting Fortune 500 corporate campuses, data centers, or other large enterprise environments. * Strong technical writing and documentation review skills. Please describe your experience with enterprise electronic security systems and provide examples of similar standards or engineering documentation you have reviewed or developed.

Jobs Per Page: Â