What are the responsibilities and job description for the Cyber Risk & Compliance Engineer position at Fusion HCR?
As a Cyber Risk & Compliance Engineer, you'll be at the core of evaluating, analyzing, and strengthening security controls to help organizations align with compliance frameworks like CMMC, SOC 2, ISO 27001, HIPAA, and AI Governance.
While compliance is your primary focus, you’ll also contribute to risk assessments and security operations, ensuring technical safeguards are not just implemented—but effective.
Key responsibilities include:
While compliance is your primary focus, you’ll also contribute to risk assessments and security operations, ensuring technical safeguards are not just implemented—but effective.
Key responsibilities include:
- Technical Control Analysis – Assess, validate, and improve security controls to meet compliance requirements.
- Risk Assessments – Identify and evaluate security gaps, weaknesses, and threats in client environments.
- Compliance Mapping & Readiness – Help businesses achieve compliance with CMMC, SOC 2, ISO 27001, HIPAA, and AI Governance.
- Security Policy & Procedure Development – Assist in developing and refining security policies, procedures, and control documentation.
- Audit & Gap Analysis – Conduct compliance gap assessments and provide roadmaps for remediation.
- AI Governance & Risk Management – Evaluate AI-related security risks and ensure compliance with emerging AI regulations and governance best practices.
- Security Operations Support – Contribute to SIEM monitoring, vulnerability management, and incident response as part of broader compliance initiatives.
- Cyber Insurance Readiness – Ensure clients meet cyber insurance security control requirements.
Compliance Advisory – Work with vCISO teams and security consultants to help businesses bridge compliance and security gaps. - Stay Ahead of Evolving Standards – Continuously monitor updates in regulations and security frameworks to ensure compliance strategies remain effective.
- Compliance & Security Knowledge – Experience with CMMC, SOC 2, ISO 27001, HIPAA, AI Governance, or similar frameworks.
- Technical Control Analysis – Understanding of security controls across networks, cloud, endpoint security, IAM, and vulnerability management.
- Risk & Gap Assessments – Ability to analyze security risks, audit controls, and recommend mitigation strategies.
- Hands-On Security Experience – Familiarity with SIEM tools, EDR, firewalls, IDS/IPS, and security hardening techniques.
- AI Security & Governance (Preferred, Not Required) – Understanding of AI security risks, ethical AI principles, and compliance requirements.
- Certifications (Preferred, Not Required) – Security , CISSP, CISM, CMMC-CCP, CEH, CySA , or similar.
- Strong Documentation & Reporting Skills – Ability to clearly document security controls, audit findings, and compliance assessments.
- Communication & Advisory Skills – Ability to bridge the gap between security teams and compliance stakeholders.
