Compliance Lead

  • Location:

    San Diego

  • Job type:

    Temporary

  • Salary:

    Negotiable

  • Contact:

    Hannah Pegues

  • Contact email:

    h.pegues@ioassociates.com

  • Job ref:

    BBBH161831_1749213470

  • Start date:

    ASAP

  • Consultant:

    Hannah Pegues

Location: Remote (U.S.-based)
Job Type: Full-Time
Clearance: U.S. Citizenship required; security clearance preferred but not mandatory

About the Role

We are seeking a skilled and proactive Compliance Lead to drive and manage our security and compliance initiatives across cloud and enterprise environments. This individual will play a critical role in achieving and maintaining FedRAMP, SOC 2, and ISO 27001 certifications. You'll collaborate across engineering, security, legal, and product teams to ensure robust compliance frameworks are in place to support business growth and customer trust.

Key Responsibilities

  • Lead end-to-end compliance efforts for FedRAMP, SOC 2, and ISO 27001 assessments and audits.

  • Serve as the primary point of contact for internal and external auditors, 3PAOs, and federal stakeholders.

  • Maintain and evolve the organization's security and compliance programs, policies, procedures, and control frameworks.

  • Conduct risk assessments and control gap analysis; develop and track remediation plans.

  • Work with technical teams to ensure security and compliance controls are implemented correctly.

  • Prepare and manage documentation including System Security Plans (SSP), POA&Ms, security policies, and audit evidence.

  • Support continuous monitoring activities and annual assessment cycles.

  • Drive awareness and training across the organization on compliance requirements and best practices.

Qualifications

  • 5+ years of experience in information security compliance or risk management.

  • Deep knowledge of FedRAMP (LI-SaaS, Moderate or High) requirements and assessment process.

  • Hands-on experience with SOC 2 Type I and II and ISO 27001:2013 frameworks.

  • Strong understanding of NIST 800-53, NIST RMF, and related cybersecurity controls.

  • Experience leading audits, security assessments, and managing relationships with auditors and certifying bodies.

  • Familiarity with cloud platforms (AWS, Azure, GCP) and their native security/compliance offerings.

  • Excellent writing and communication skills for policy documentation and reporting.

  • Certifications such as CISSP, CISA, CISM, or ISO 27001 Lead Implementer/Auditor are a strong plus.

Preferred Skills

  • Prior experience in a SaaS or cloud-native environment.

  • Knowledge of additional regulatory frameworks (e.g., HIPAA, PCI DSS, CJIS, ITAR).

  • Strong project management and organizational skills with the ability to manage multiple priorities in a fast-paced environment.