Security and Compliance Manager II

This is a remote position.

Ad Hoc is a technology company that empowers organizations to deliver scalable, impactful digital services. Using modern, agile methods, our team creates products that meet people's needs and transform their experience of government.

Work on things that matter

Our collaborations have shaped some of the defining moments in public-sector service delivery. We've helped build products that connect Veterans to tailored services, help millions access affordable health care, and support important programs like Head Start. As we work with agencies to deliver critical services, we're also changing how the government approaches technology.

Built for a remote life

Our culture, communications, and tools are built for remote work, enabling us to bring together top talent nationwide. At Ad Hoc, remote life empowers our teams to design work environments that fit their lives and that foster flexibility and collaboration to achieve positive outcomes for our customers.

Committed to high expectations and a welcoming culture

Ad Hoc values acceptance, accountability, and humility. We aren't heroes. We learn from our mistakes and improve the process for the next time. We build small, inclusive teams to collaborate closely with our partners to solve the right problems and deliver software that works.

The Federal Civilian business unit supports many customers spanning the federal, commercial, and nonprofit space. Our customers include NASA, the General Services Administration, Office of Personnel Management, the Library of Congress, Health & Human Services, and the FDIC. We partner with these agencies to build new capabilities, deliver products, establish data as a strategic asset for informed decision-making, modernize legacy systems, and build the digital service infrastructure necessary to scale their mission impact.

Primary Responsibilities:

Security and Compliance Manager II serves as an individual contributor within a team; with the support and guidance of leadership, you will be responsible for supporting the goal of meeting scope, schedule and delivery requirements. You will begin to develop an awareness and understanding of the security and compliance within your designated program, as well as interact with stakeholders. Primary expectations for a Security and Compliance Manager II include:

• 
  

  Conducts security control tests of design and operational effectiveness

  
  

• 
  

  Manages remediation tasks to completion on tight deadlines

  
  
• 
  

  Supports internal and external auditors

  
  
• 
  

  Maintains documentation related to security compliance

  
  
• 
  

  Identifies opportunities for security compliance control automation

  
  
• 
  

  Maintains security compliance automation tasks

  
  
• 
  

  Building an understanding of at least two security control frameworks (e.g. SOC, NIST, etc.)

  
  
• 
  

  Works towards understanding how compliance works with cloud-native tech stacks

  
  
• 
  

  onboarding for new developers

  
  
• 
  

  Exhibits understanding for other roles and practices, including how they are intended to work together

  
  
• 
  

  Participates in planning sessions to ensure security and compliance requirements are met

  
  

Basic Qualifications:

• 
  

  Bachelor's degree in computer science, information assurance, cybersecurity or related field, 3+ years of experience

  
  
  
  
  • 
    

    Relevant years of experience may be substituted for education

    
    
  
  
  
  

• 
  

  At least 2+ years experience working with a SaaS company and passion for learning and working in compliance programs

  
  
• 
  

  Strong familiarity with NIST security controls (ideally NIST 800-53) and general GRC/RMF concepts

  
  
• 
  

  Experience with recurring security processes: security reviews, risk/security assessments, remediation tracking, and ongoing documentation updates

  
  
• 
  

  Ability to interpret control requirements and translate them into actionable tasks for engineering teams

  
  
• 
  

  Understanding of inheritance models (shared responsibility, inherited controls, platform-level controls)

  
  

Preferred Qualifications:

• 
  

  Ability to obtain/maintain: CompTIA Sec+

  
  
• 
  

  Hands-on experience with AWS security (IAM policies, S3 access controls, basic configuration review)

  
  
• 
  

  Experience with Databricks from a security/access or governance perspective

  
  
• 
  

  Experience identifying process improvements or automation opportunities in security operations

  
  

To learn more about working at Ad Hoc, please visit:https://adhocteam.us/join

Benefits:

• Company-subsidized health, dental, and vision insurance
• Flexible PTO
• 401K with employer match
• Paid parental leave after one year of service
• Employee Assistance Program

Ad Hoc LLC is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, national origin, ancestry, sex, sexual orientation, gender identity or expression, religion, age, pregnancy, disability, work-related injury, covered veteran status, political ideology, marital status, or any other factor that the law protects from employment discrimination.

In support of various state and city equal pay transparency laws, Ad Hoc job descriptions feature the starting range we reasonably expect to pay to candidates who would join our team with little to no need for training on the responsibilities we've outlined above. Actual compensation is influenced by a wide range of factors including but not limited to skill set, level of experience, and responsibility. The range of starting pay for this role is $100,000-$105,000. Our recruiters will be happy to answer any questions you may have, and we look forward to learning more about your salary requirements.

job reference:

https://adhoc.team/