Senior Security Compliance Analyst


FormAssembly

Salary: $115k-$130k
Location: Remote - United States

Summary

Join FormAssembly's dynamic team as a Senior Security Compliance Manager, working remotely from anywhere in the US. This full-time role requires US citizenship and a CISSP or Security+ certification. As the primary compliance subject matter expert, you will own critical security certifications and lead cross-functional teams through complex audit cycles. You will partner with various departments to evaluate controls, escalate risks, and ensure compliance programs support growth with enterprise and government clients. The ideal candidate will have 5+ years of experience driving security-compliance audits and a deep understanding of relevant frameworks. This position offers a competitive salary and a comprehensive benefits package.

Requirements

  • 5+ years driving security-compliance audits, including FedRAMP, DoD IL2-5, SOC 2, ISO 27001, and PCI DSS
  • Lead compliance initiatives and serve as the primary liaison with assessors and stakeholders
  • Drive continuous monitoring and control implementation for NIST 800-53 and DoD SRG requirements, acting as the primary contact for government-related initiatives
  • Ability to work cohesively alongside different teams such as Engineering, IT, Product, and Marketing
  • Experience preparing and presenting status reports and metrics on risk and non-compliance
  • US citizenship and an active CISSP (Certified Information Systems Security Professional) or CompTIA Security+ certification

Responsibilities

  • Lead comprehensive compliance programs covering FedRAMP, DoD IL2-IL4, SOC 2, PCI DSS, and ISO 27001 requirements, ensuring successful audit outcomes and continuous certification maintenance
  • Serve as subject matter expert internally across these frameworks
  • Execute advanced control assessments through technical testing, risk-based walkthroughs, and comprehensive policy evaluations to validate design and operating effectiveness across all frameworks
  • Deliver executive-level risk reporting on residual exposures, vulnerability trends, and compliance posture, with actionable recommendations for security investments and strategic initiatives
  • Perform comprehensive control effectiveness evaluations using industry-standard methodologies, providing detailed remediation roadmaps and timeline recommendations
  • Champion compliance automation initiatives by identifying opportunities for orchestration, implementing continuous monitoring solutions, and driving operational efficiency
  • Serve as primary technical resource for customer security assessments, RFPs, and vendor due diligence activities, demonstrating our security posture to prospects and existing clients
  • Drive continuous improvement of security practices through policy development, training program enhancement, and industry best practice implementation

Preferred Qualifications

  • Experience with related regulations such as the EU Cyber Resilience Act (CRA), GDPR, CCPA, and CPRA
  • CISM (Certified Information Security Manager), or CISA (Certified Information Systems Auditor)
  • CRISC (Certified in Risk and Information Systems Control)
  • SANS/GIAC certifications (e.g. GSEC, GREM, GCIH)
  • FedRAMP 3PAO Assessor Certification, or ISO 27001 Lead Auditor/Lead Implementer

Benefits

  • Health benefits (health, dental, vision) for Team Members based in the United States
  • Mental Health benefits with SpringHealth
  • 401(k) with 4% company match
  • Unlimited PTO (with a required minimum use of 2 weeks per year) for Salaried/Exempt staff, or 4 weeks of paid vacation for hourly/non-exempt employees
  • 9 paid company holidays
  • Flexible work schedule; work from anywhere!
  • Generous Paid parental leave (up to 16 weeks)
  • Charitable contribution match
  • Budget for professional development
  • Company provided Mac laptop
