Careers

Security Experts Invested In Safeguarding Your 6

We’ve seen firsthand the painful struggles of introducing new security programs into organizations, so we are particularly driven to make the process better. We recognize that team members are the key to our success and we’re always looking for more talented people to join us. If you’re passionate about cybersecurity and about creating low-friction solutions that are both effective and livable for clients, BlueSteel Cyber could be the place to take your career. Join us in our quest to make being compliant a breeze – it’ll be a blast!

Our Why

Humanized Cybersecurity to Protect Against the Unexpected

Our Values

Do The Dirty Work

Disciplined Everyday and Every Way

Intellectual Care

FIKA - Remember To Be Human

Sharing Is Caring

Current Openings

Job Summary

We are looking for a Senior Cybersecurity Engineer who is passionate about protecting others, addicted to learning, hyper organized, in love with the process of solving technical challenges, thrives on creativity, and knows the importance of completing a mission on time. Interested? Then keep scrolling…

BlueSteel Cybersecurity is a young, creative security compliance firm seeking to work with an experienced Cybersecurity Engineer who can tackle a broad range of security challenges and is not intimidated by working with a variety of technologies.

The Senior Cybersecurity Engineer will lead and manage advanced security operations across diverse environments. You’ll be responsible for architecting, implementing, and continuously improving proactive security measures to protect critical infrastructure and sensitive data. Ideal candidates will have 5+ years of hands-on experience in security engineering and a demonstrated ability to handle complex incidents and compliance requirements.

Key Responsibilities

  • Architect and maintain secure environments across cloud (Azure, AWS, GCP) and on-prem infrastructure
  • Lead vulnerability assessments, penetration testing (network and application/source code testing), patch management, and remediation planning
  • Manage SIEM deployments (e.g., Splunk), central logging, and real-time threat detection systems
  • Implement zero-trust principles, EDR, DLP, IAM (Okta, Azure AD), and secure configurations across systems and SaaS platforms
  • Respond to security incidents, perform forensic analysis, and develop root cause remediation strategies
  • Integrate security tooling and automation via APIs and scripting (Python, PowerShell, Bash, Go, etc.)
  • Support FedRAMP, NIST, CMMC, or HIPAA compliance initiatives as part of broader client engagements
  • Deliver clear documentation, executive briefings, and technical reporting on security posture and KPIs
  • Stay ahead of emerging threats, participate in threat hunting, and recommend continuous improvements to defense strategies

Required Qualifications

  • Bachelor’s or Master’s degree in Cybersecurity, Computer Science, Information Systems, or a related field
  • 5+ years of hands-on cybersecurity engineering experience, including experience in cloud-native and hybrid environments
  • Deep understanding of network security, endpoint security, IAM, MFA, SIEM, NIDS/NIPS, and container security
  • Experience securing SaaS platforms such as Office 365, Atlassian, Slack, ServiceNow, and Salesforce
  • Fluency in scripting or development using Python, PowerShell, or Bash; strong ability to automate security workflows
  • Proven track record managing incident response, root cause analysis, and forensic investigations
  • Strong knowledge of compliance and risk frameworks (NIST, ISO 27001, SOC 2, CMMC, HIPAA)
  • Excellent communication skills; able to work cross-functionally with DevOps, Compliance, and Engineering teams
  • Strong attention to detail and ability to execute security initiatives with minimal oversight

Preferred Qualifications and Skills

  • Industry certifications: OSCP, CEH, GSEC, GCIA, GPEN, GCIH or similar
  • Experience with Microsoft Defender suite, CrowdStrike, SentinelOne, or similar EDR platforms
  • Familiarity with infrastructure-as-code and security in CI/CD pipelines
  • Experience working in startups or fast-paced consulting environments

This is a contract position with the opportunity to convert to full-time. No agencies, please. BlueSteel Cybersecurity is an Equal Opportunity Employer committed to diversity and inclusion in the workplace.


Job Summary

BlueSteel Cybersecurity – a company driven by a mission to develop humanized cybersecurity compliance programs that create sustainable security and confidence for organizations – is seeking an experienced Senior Security Compliance Manager. In this role, you will lead our cybersecurity compliance services and help clients achieve and maintain critical security certifications and regulatory compliance. We pride ourselves on creating low-friction solutions that are both effective and livable for clients, making "being compliant a breeze" while protecting sensitive data. As a Senior Security Compliance Manager, you will embody BlueSteel’s core values – “Do The Dirty Work,” “Disciplined Every Day and Every Way,” “Intellectual Care,” “FIKA (Remember to be Human),” and “Sharing Is Caring” – by working collaboratively, diligently, and transparently to drive successful security outcomes for our clients.

This is a hybrid position (remote and on-site) that requires both deep technical expertise in cybersecurity and outstanding client-facing communication skills. You will act as a trusted advisor to client stakeholders, translating complex security requirements into actionable programs. If you are passionate about cybersecurity compliance, excel in managing diverse frameworks (NIST, CMMC, ISO 27001, HIPAA/HITECH, etc.), and are eager to join a team that values integrity, discipline, and continuous learning, BlueSteel Cybersecurity could be the perfect place to take your career to the next level. Join us in our quest to make compliance easy and empowering for our clients, all while working in a culture that values teamwork, growth, and taking care of our people.

Key Responsibilities

  • Lead Compliance Engagements: Manage end-to-end cybersecurity compliance engagements for multiple clients, ensuring they meet requirements for frameworks and standards such as NIST 800 series (e.g., NIST 800-53, 800-171, NIST CSF), CMMC, FedRAMP, ISO/IEC 27001, HIPAA/HITECH, HITRUST, and SOC 2.
  • Subject Matter Expertise: Serve as the internal and client-facing subject matter expert on security compliance. Provide interpretation of control requirements and guidance on best practices to achieve and maintain compliance across various regulatory frameworks.
  • Policy & Procedure Development: Develop, review, and update security policies, standards, and procedures to align with required controls. Deliver complete compliance documentation packages (policies, procedures, risk assessments, System Security Plans, etc.) tailored to each client’s needs, in line with BlueSteel’s compliance preparation methodology.
  • Compliance Assessments & Audits: Conduct or coordinate regular security compliance assessments, gap analyses, and readiness audits. Prepare clients for third-party assessments and certification audits (e.g., CMMC certification, SOC 2 Type II audits, ISO 27001 certification) by performing internal audits and evidence collection to validate control implementation.
  • Client Advisory & Communication: Work closely with client stakeholders to translate complex technical requirements into clear, actionable plans. Communicate compliance status, audit findings, and remediation recommendations in business-friendly terms. Provide periodic progress reports and executive briefings to client leadership.
  • Remediation & Program Implementation: Guide and support clients in implementing necessary security controls and remediation steps. Coordinate with client IT and security teams to deploy technical solutions (such as multi-factor authentication, logging/monitoring, encryption, EDR, etc.) that address compliance gaps. Ensure that compliance measures are not just documented but effectively operationalized in the client’s environment.
  • Utilize Security Tools: Leverage a variety of security and compliance tools to support client engagements. This includes using SIEM tools (e.g., Splunk) for log management and compliance monitoring, RMM platforms (e.g., NinjaRMM) for IT systems management, EDR solutions (e.g., SentinelOne) for endpoint security enforcement, and the Microsoft 365 security & compliance suite for cloud and email security. Utilize GRC/compliance applications (e.g., audit and evidence tracking platforms) to streamline assessments, track compliance status, and maintain documentation.
  • Stay Current on Regulations: Continuously research and stay up-to-date on the latest cybersecurity laws, regulations, and standards. Proactively update internal templates and client recommendations to accommodate changes in compliance requirements (e.g., new NIST guidelines, updates to CMMC or HIPAA rules, etc.). Ensure BlueSteel’s compliance practices remain cutting-edge and in line with industry trends.
  • Team Collaboration & Leadership: Work closely with BlueSteel’s security analysts, engineers, and vCISO consultants to deliver a cohesive service. Mentor junior team members and share knowledge (“Sharing is Caring” culture) to develop the team’s overall expertise. Foster an environment of continuous improvement, where lessons learned from engagements are communicated and process improvements are implemented.
  • Client Trust & Relationship Management: Build and maintain strong relationships with client personnel as a trusted security advisor. Ensure client satisfaction by being responsive, reliable, and by providing expert guidance that instills confidence. Exemplify BlueSteel’s value of “Intellectual Care” by thoughtfully addressing client concerns, educating clients on cybersecurity best practices, and demonstrating genuine care for their success in security compliance.

Required Qualifications

  • Experience: 5-7+ years of progressive experience in cybersecurity compliance, governance, or risk management roles. Demonstrated experience leading compliance initiatives or audits across multiple frameworks (such as those listed above) is required.
  • Framework Expertise: In-depth knowledge of major security compliance frameworks and regulations – NIST SP 800-53/800-171 and NIST CSF, CMMC (Level 2/Level 3 readiness), FedRAMP, ISO 27001, HIPAA and HITECH (healthcare security regulations), HITRUST CSF, and SOC 2 trust principles. Ability to map controls across frameworks and advise on implementation is essential.
  • Technical Proficiency: Strong understanding of cybersecurity principles and technologies, including network and system security, identity and access management, endpoint protection, cloud security, encryption, and vulnerability management. Hands-on familiarity with tools like Splunk (or similar SIEM), NinjaRMM (or other RMM platforms), SentinelOne (or comparable EDR/antivirus solutions), and Microsoft 365 security/compliance center features.
  • Policy and Documentation Skills: Proven ability to develop comprehensive security policies, procedures, standards, and guidelines. Experience creating documentation for compliance audits (e.g., security program charters, risk assessment reports, incident response plans, POA&M, etc.) and managing evidence artifacts for auditors.
  • Project Management: Excellent organizational and project management skills. Capable of scoping and managing multiple projects or client engagements simultaneously in a structured manner. Able to prioritize tasks, meet deadlines, and deliver high-quality results for our client partners.
  • Communication & Interpersonal Skills: Exceptional client-facing communication skills. Able to explain technical security controls and compliance requirements to non-technical stakeholders clearly and patiently. Experience conducting meetings, training, or workshops with clients. Strong report writing and presentation abilities.
  • Problem-Solving: Analytical mindset with keen attention to detail. Adept at assessing complex environments against compliance checklists, identifying gaps, and formulating practical remediation strategies. Must be self-driven (“Disciplined Every Day and Every Way”) and able to work independently to solve problems, as well as collaboratively in a team setting.
  • Education: Bachelor’s degree in Cybersecurity, Information Security, Computer Science, Information Systems, or a related field (or equivalent work experience). Ongoing commitment to professional development in the cybersecurity field.

Preferred Qualifications and Skills

  • Certifications: Professional security certifications such as CISSP (Certified Information Systems Security Professional) are strongly preferred. Other relevant certifications are a plus – for example, CISM, CISA, CRISC, GIAC GSEC/GSNA, or compliance-specific credentials (ISO 27001 Lead Auditor/Implementer, CMMC Provisional Assessor, HITRUST Practitioner, etc.).
  • Managed Services/Consulting Experience: Experience working in a Managed Service Provider (MSP), cybersecurity consulting firm, or similar client-facing environment is highly desirable. Proven ability to juggle multiple client engagements and adapt to different organization cultures and needs.
  • Industry Experience: Background in working with clients in highly regulated industries such as healthcare, finance, education, or government/defense is a plus. Understanding the unique challenges and requirements in these sectors (e.g., handling PHI under HIPAA, or working with government contractors on CMMC) will be advantageous.
  • Leadership & Mentorship: Prior experience in a senior or leadership role within a security/compliance team. Ability to mentor junior staff or lead project teams. Demonstrated initiative in improving processes, sharing knowledge, and fostering a positive team environment.
  • Compliance Tools: Familiarity with GRC (Governance, Risk & Compliance) platforms or compliance management tools (e.g., OneTrust, Ostendio, Drata, or similar apps) is a plus. Experience leveraging automation for compliance evidence collection, tracking control status, and streamlining audit workflows will be beneficial.
  • Continuous Learning: A passion for continuous professional growth and staying ahead of the curve in cybersecurity. (For example, keeping current with new NIST guidance, threat trends, and emerging compliance standards.) Aligns with BlueSteel’s culture of intellectual curiosity and “Intellectual Care,” actively learning and caring about the quality of your work and knowledge.

Why Join BlueSteel Cybersecurity?

At BlueSteel, we are more than just a cybersecurity firm – we are a team that “remembers to be human” while tackling complex security challenges. We offer the opportunity to work on meaningful projects that protect organizations against the unexpected, all within a supportive, people-centric culture. You will collaborate with colleagues who roll up their sleeves to do the dirty work when needed, hold each other accountable to high standards, and celebrate shared successes. We believe in work-life balance and reflection (our FIKA mindset) to keep our team refreshed and inspired. If you are looking to apply your expertise in an environment that values integrity, teamwork, and innovation, we welcome you to apply and help us make cybersecurity compliance simpler and more accessible for our client partners.

BlueSteel Cybersecurity is an equal opportunity employer. We encourage candidates of all backgrounds and experiences to apply. We can’t wait to hear from you and explore how your talents can contribute to our mission and values-driven team!