
11 - 50 employees
Founded in 2013
🔒 Cybersecurity
📋 Compliance
Cybersecurity • Compliance • Healthcare
DataLock Consulting Group is a cybersecurity consulting firm that specializes in security program development, compliance, and security architecture and engineering. They believe in building cybersecurity into the foundation of networks and systems rather than treating it as an afterthought. They serve a range of sectors, including government, financial, aerospace, and healthcare, offering services such as risk management, security assessments, and cloud security.
🕒 February 4
🗣️🇺🇸🇬🇧 English required

• Maintain and strengthen the cybersecurity posture of assigned federal programs, systems, or enclaves.
• Guide system owners, ISSOs, and engineering teams in applying GRC engineering principles throughout the system lifecycle.
• Lead and support Risk Management Framework activities, including system categorization, control selection, implementation, assessment, authorization, and continuous monitoring.
• Produce high-quality security and privacy artifacts that are technically sound, actionable, and aligned with engineering realities.
• Support achievement and maintenance of Authorities to Operate (ATOs) and manage associated Plans of Action and Milestones (POA&Ms).
• Brief senior leadership on risk posture, authorization status, and remediation strategies.
• Apply DevSecOps principles to integrate security into CI/CD pipelines and modern development workflows.
• Support Zero Trust architecture implementation, supply chain risk management, and modernization initiatives.
• Apply continuous integration, continuous delivery, and continuous security principles across environments.
• Support implementation and analysis of SAST, DAST, Software Composition Analysis, secrets management, and GitHub-based workflows.
• Apply Infrastructure as Code, virtualization, and containerization concepts to security engineering and assessment activities.
• Utilize endpoint protection, integrity monitoring, and SIEM tooling to support security operations and monitoring.
• Implement and assess authentication, authorization, and identity federation mechanisms including SAML, OAuth, and OIDC.
• Apply PKI, encryption technologies, and FIPS implementation requirements.
• Analyze network architectures, topologies, and protection mechanisms to assess confidentiality, integrity, and availability risks.
• Leverage OSCAL for machine-readable control catalogs, baselines, System Security Plans, and assessment documentation.
• Analyze and interpret software vulnerabilities using CVE, CWE, and CVSS scoring methodologies.
• Evaluate supplier and product trustworthiness as part of supply chain risk management efforts.
• Develop and maintain cybersecurity and privacy policies aligned with organizational objectives.
• Apply cybersecurity and privacy principles related to confidentiality, integrity, availability, authentication, and non-repudiation.
• Assess security and privacy controls using frameworks such as NIST SP 800-53, the NIST Cybersecurity Framework, and CIS Critical Security Controls.
• Determine how security systems should function, including resilience and dependability, and assess how environmental or operational changes affect system risk.
• Communicate technical findings clearly and effectively through written documentation and stakeholder engagement.
• Introduce automation, engineering practices, and innovation into GRC programs to improve efficiency and continuous monitoring maturity.

• Bachelor’s degree in Computer Science, Information Systems, or a related field, or an additional three years of relevant experience.
• Seven or more years of relevant cybersecurity experience.
• Three or more years of experience serving as an ISSO for a Federal agency.
• Prior experience serving as an ISSO for a portfolio of Federal systems.
• Experience achieving ATOs, managing POA&Ms, and briefing senior leadership.
• Deep functional and technical knowledge of NIST RMF and NIST CSF processes and documentation.
• Expertise in FedRAMP standards and processes.
• Strong understanding of IaaS, PaaS, and SaaS cloud service models, including Azure, Microsoft 365, Salesforce, ServiceNow, Appian, and MuleSoft.
• Strong foundational and operational knowledge of DevSecOps, CI/CD pipelines, Zero Trust, supply chain risk management, artificial intelligence, and operational technology.
• Familiarity with SAST, DAST, Software Composition Analysis, secrets management, and GitHub.
• Operational knowledge of Infrastructure as Code, virtualization, and containerization.
• Proficiency with endpoint protection, integrity monitoring, and SIEM tools.
• Expertise in authentication, authorization, and identity federation technologies.
• Familiarity with PKI, encryption technologies, and FIPS requirements.
• Foundational understanding of network architectures and security mechanisms.
• Familiarity with OSCAL and machine-readable security documentation.
• Ability to analyze software vulnerabilities using CVE, CWE, and CVSS.
• Experience in technical writing and producing clear, well-organized security documentation.
• Experience evaluating supplier and product trustworthiness.

• Competitive compensation
• Comprehensive benefits package
• Strong commitment to work-life balance
• Collaborative, remote-first environment
• Professional growth opportunities
🕒 February 3
10,000+ employees
Director, Global Regulatory Lead responsible for regulatory strategies at BeOne for cancer treatments. Overseeing projects and ensuring compliance with regulatory requirements globally.
🗣️🇺🇸🇬🇧 English required
🕒 January 9
Manager for APAC Trade Compliance handling global export control programs. Leading trade compliance strategy for Leica Biosystems focusing on APAC regulations and relationships.
🇺🇸 United States – Remote (USA)
💵 $120,000 - $140,000 / year
⏰ Full-Time
🟡 Mid-level
🟠 Senior
🚔 Compliance
🦅 H1B Visa Sponsor
🗣️🇺🇸🇬🇧 English required
🕒 January 8
Compliance Analyst managing retirement plan regulations and providing support for audits at FuturePlan. Requires 3 to 8+ years of compliance and testing experience with retirement plans.
🇺🇸 United States – Remote (USA)
💵 $65,000 - $95,000 / year
💰 Secondary Market in 2019-02
⏰ Full-Time
🟡 Mid-level
🟠 Senior
🚔 Compliance
🦅 H1B Visa Sponsor
🗣️🇺🇸🇬🇧 English required
🕒 December 30, 2025
Payments & Compliance Manager managing relationships and compliance in global payments ecosystem for Pixery. Focusing on coordinating with external payment partners while ensuring commercial interests are upheld.
🗣️🇺🇸🇬🇧 English required
🕒 December 29, 2025
Treasury & Compliance Manager overseeing capital movements and regulatory filings for venture capital at Decile Group. Partnering with various departments for compliance and operational efficiency.
🇺🇸 United States – Remote (USA)
💵 $110,000 - $160,000 / year
⏰ Full-Time
🟡 Mid-level
🟠 Senior
🚔 Compliance
🗣️🇺🇸🇬🇧 English required