Security GRC Analyst
Description
Lead the strategy, execution, and continuous improvement of the company’s compliance program, including gap assessments, remediation plans, and policy documentation
Develop, update, and maintain cybersecurity policies, standards, and procedures in alignment with NIST, CMMC, and ISO 27001 frameworks
Serve as a liaison to external consultants, auditors, and government partners on matters related to CMMC, ISO 27001, and other compliance efforts
Collaborate with Legal during the contract negotiation process, including providing risk-based feedback and proposed alternatives for security/privacy-related terms
Manage and respond to incoming GRC-related inquiries and support customer RFPs and assurance documentation
Manage the internal security risk register and perform formal risk assessments using industry-standard methodologies
Conduct and oversee third-party/vendor risk assessments; collaborate with procurement and business owners to assess and mitigate vendor-related risks
Complete customer security questionnaires, showcasing Exabeam’s security posture and compliance with global data protection regulations (e.g., GDPR, CCPA, HIPAA)
Contribute to cross-functional GRC initiatives including security awareness training, internal control evaluations, audit readiness, and program maturity assessments
Support internal audits and external assessments, including SOC 2, ISO 27001 surveillance and certification audits
Bachelor's degree in Information Security, Risk Management, Business, or a closely related field required
3-5+ years of experience in Information Security, GRC, Risk Management, or Compliance
Proven experience supporting compliance frameworks (e.g., NIST 800-171/53, CMMC, ISO 27001, SOC 2, FedRAMP)
Demonstrated experience leading or supporting compliance programs and internal/external audits
Excellent problem-solving, analytical, and critical thinking skills
Ability to collaborate across Legal, Security, Product, and Engineering teams in a fast-paced environment
Strong communication and documentation skills, with the ability to deliver clear and concise reporting to both technical and executive audiences
Self-motivated, well-organized, and capable of managing multiple workstreams with minimal oversight
Familiarity with cloud platforms (AWS, Azure, GCP) and associated compliance implications
Understanding of regulatory obligations: GDPR, CCPA, HIPAA, and other data protection laws
Experience with risk management tools and GRC platforms
Background supporting contract reviews and negotiations for security/privacy clauses
Experience with policy development, training programs, and control implementation initiatives
CISA, CISSP, CISM, CRISC, ISO 27001 Lead Auditor
(Subject to applicable eligibility requirements)
Extensive medical, dental and vision coverage to meet your healthcare needs and employer Health Savings Account contribution to help pay for health expenses now or in the future
Generous 401(k) employer match to help you save for your future
Paid Time off including “take what you need” flex time, volunteer day of service, your birthday, parental leave, holidays and more
Widespread learning center for career planning and skill development to grow your career
A culture of passionate, diverse, committed professionals
Diversity, equity, and inclusion are at the core of who we are. At Exabeam, we know that diverse perspectives spark innovation, improve creativity, and position our team for success. Creating a culture where all are welcomed, valued, and empowered to achieve their full potential is important to who we are today and in the future. We hire the best of the best and do not discriminate based on race, gender, age, religion, sexual orientation, identity, or other personal factors.