What are the responsibilities and job description for the Associate Information Security Officer position at Agency.com?
Position Summary
Agency seeks an experienced and highly motivated Associate Information Security Officer to join our Compliance Team. The ideal candidate will have at least five years of experience in a Governance, Risk, and Compliance (GRC) or security engineering role directly supporting frameworks such as CMMC2, NIST 800-171, SOC2, ISO 27001, GDPR, and HIPAA. This individual will play a critical role in helping our clients achieve and sustain compliance while implementing best practices in information security.
Key Responsibilities
1. Compliance Management
Assist clients in developing, implementing, and maintaining compliance with frameworks such as CMMC2, NIST 800, SOC2, ISO 27001, GDPR, and HIPAA.
Conduct gap analyses, risk assessments, and readiness reviews to evaluate organizational compliance posture.
Develop and manage security policies, standards, and procedures aligned with regulatory requirements.
2. Risk Assessment and Mitigation
Identify and assess security risks associated with client environments and recommend mitigation strategies.
Collaborate with clients to design and implement controls to address identified risks.
3. Audit and Certification Support
Support clients in audit preparation, including evidence collection, control testing, and remediation tracking.
Act as a liaison between clients and auditors during certification and assessment processes.
4. Client Advisory and Training
Provide advisory services to clients on implementing security controls and best practices.
Deliver training and awareness sessions on compliance and information security topics.
5. Continuous Improvement
Monitor and stay updated on changes to relevant compliance frameworks and regulatory requirements.
Recommend and implement improvements to internal and client-facing compliance processes.
6. Collaboration and Leadership
Work cross-functionally with technical teams and business stakeholders to ensure compliance efforts align with organizational goals.
Mentor junior team members and contribute to a security and compliance excellence culture.
Qualifications
Bachelor’s degree in Information Security, Cybersecurity, Computer Science, or a related field (or equivalent experience).
Minimum of 5 years of experience in a GRC or security engineering role focused on frameworks such as CMMC2, NIST 800, SOC2, ISO 27001, GDPR, and HIPAA.
Strong understanding of security principles, risk management practices, and compliance frameworks.
Experience with security tools, technologies, and methodologies used in compliance programs.
Familiarity with audit processes, evidence collection, and remediation tracking.
Professional certifications such as CISSP, CISM, CRISC, or equivalent are highly preferred.
Key Skills
Excellent written and verbal communication skills.
Strong analytical and problem-solving abilities.
Ability to manage multiple projects and meet deadlines in a fast-paced environment.
Team-oriented mindset with the ability to work collaboratively across diverse teams.
Detail-oriented with a strong commitment to quality and accuracy.
What We Offer
Competitive salary and benefits package.
Opportunities for professional growth and certification support.
Collaborative and inclusive work environment.
The chance to work with a dynamic team committed to security and compliance excellence.
Keep a pulse on the job market with advanced job matching technology.
If your compensation planning software is too rigid to deploy winning incentive strategies, it’s time to find an adaptable solution.
Compensation Planning
Enhance your organization's compensation strategy with salary data sets that HR and team managers can use to pay your staff right.
Surveys & Data Sets
What is the career path for a Associate Information Security Officer?
Sign up to receive alerts about other jobs on the Associate Information Security Officer career path by checking the boxes next to the positions that interest you.
