
ZipRecruiter is hiring: Senior Cybersecurity Compliance Manager in Columbia Town

ZipRecruiter, Columbia Township, MO, United States


BlueSteel Cybersecurity – a company driven by a mission to develop humanized cybersecurity compliance programs that create sustainable security and confidence for organizations – is seeking an experienced Senior Security Compliance Manager. In this role, you will lead our cybersecurity compliance services and help clients achieve and maintain critical security certifications and regulatory compliance. We pride ourselves on creating low-friction solutions that are both effective and livable for clients, making "being compliant a breeze" while protecting sensitive data. As a Senior Security Compliance Manager, you will embody BlueSteel’s core values – “Do The Dirty Work,” “Disciplined Every Day and Every Way,” “Intellectual Care,” “FIKA (Remember to be Human),” and “Sharing Is Caring” – by working collaboratively, diligently, and transparently to drive successful security outcomes for our clients.

This is a hybrid position (remote and on-site) that requires both deep technical expertise in cybersecurity and outstanding client-facing communication skills. You will act as a trusted advisor to client stakeholders, translating complex security requirements into actionable programs. If you are passionate about cybersecurity compliance, excel in managing diverse frameworks (NIST, CMMC, ISO 27001, HIPAA/HITECH, etc.), and are eager to join a team that values integrity, discipline, and continuous learning, BlueSteel Cybersecurity could be the perfect place to take your career to the next level. Join us in our quest to make compliance easy and empowering for our clients, all while working in a culture that values teamwork, growth, and taking care of our people.

Key Responsibilities

  • Lead Compliance Engagements: Manage end-to-end cybersecurity compliance engagements for multiple clients, ensuring they meet requirements for frameworks and standards such as NIST 800 series (e.g., 800-53, 800-171, NIST CSF), CMMC, FedRAMP, ISO/IEC 27001, HIPAA/HITECH, HITRUST, and SOC 2.
  • Subject Matter Expertise: Serve as the internal and client-facing subject matter expert on security compliance. Provide interpretation of control requirements and guidance on best practices to achieve and maintain compliance across various regulatory frameworks.
  • Policy & Procedure Development: Develop, review, and update security policies, standards, and procedures to align with required controls. Deliver complete compliance documentation packages (policies, procedures, risk assessments, System Security Plans, etc.) tailored to each client’s needs, in line with BlueSteel’s compliance preparation methodology.
  • Compliance Assessments & Audits: Conduct or coordinate regular security compliance assessments, gap analyses, and readiness audits. Prepare clients for third-party assessments and certification audits (e.g., CMMC certification, SOC 2 Type II audits, ISO 27001 certification) by performing internal audits and evidence collection to validate control implementation.
  • Client Advisory & Communication: Work closely with client stakeholders to translate complex technical requirements into clear, actionable plans. Communicate compliance status, audit findings, and remediation recommendations in business-friendly terms. Provide periodic progress reports and executive briefings to client leadership.
  • Remediation & Program Implementation: Guide and support clients in implementing necessary security controls and remediation steps. Coordinate with client IT and security teams to deploy technical solutions (such as multi-factor authentication, logging/monitoring, encryption, EDR, etc.) that address compliance gaps. Ensure that compliance measures are not just documented but effectively operationalized in the client’s environment.
  • Utilize Security Tools: Leverage a variety of security and compliance tools to support client engagements. This includes using SIEM tools (e.g., Splunk) for log management and compliance monitoring, RMM platforms (e.g., NinjaRMM) for IT systems management, EDR solutions (e.g., SentinelOne) for endpoint security enforcement, and the Microsoft 365 security & compliance suite for cloud and email security. Utilize GRC/compliance applications (e.g., audit and evidence tracking platforms) to streamline assessments, track compliance status, and maintain documentation.
  • Stay Current on Regulations: Continuously research and stay up-to-date on the latest cybersecurity laws, regulations, and standards. Proactively update internal templates and client recommendations to accommodate changes in compliance requirements (e.g., new NIST guidelines, updates to CMMC or HIPAA rules, etc.). Ensure BlueSteel’s compliance practices remain cutting-edge and in line with industry trends.
  • Team Collaboration & Leadership: Work closely with BlueSteel’s security analysts, engineers, and vCISO consultants to deliver a cohesive service. Mentor junior team members and share knowledge to develop the team’s overall expertise. Foster an environment of continuous improvement, where lessons learned from engagements are communicated and process improvements are implemented.
  • Client Trust & Relationship Management: Build and maintain strong relationships with client personnel as a trusted security advisor. Ensure client satisfaction by being responsive, reliable, and by providing expert guidance that instills confidence. Exemplify BlueSteel’s value of “Intellectual Care” by thoughtfully addressing client concerns, educating clients on cybersecurity best practices, and demonstrating genuine care for their success in security compliance.

Required Qualifications

  • Experience: 5-7+ years of progressive experience in cybersecurity compliance, governance, or risk management roles. Demonstrated experience leading compliance initiatives or audits across multiple frameworks is required.
  • Framework Expertise: In-depth knowledge of major security compliance frameworks and regulations – NIST SP 800-53/800-171 and NIST CSF, CMMC (Level 2/Level 3 readiness), FedRAMP, ISO 27001, HIPAA and HITECH, HITRUST CSF, and the SOC 2 Trust Services Criteria. Ability to map controls across frameworks and advise on implementation is essential.
  • Technical Proficiency: Strong understanding of cybersecurity principles and technologies, including network and system security, identity and access management, endpoint protection, cloud security, encryption, and vulnerability management. Hands-on familiarity with tools like Splunk (or similar SIEM), NinjaRMM (or other RMM platforms), SentinelOne (or comparable EDR/antivirus solutions), and Microsoft 365 security/compliance center features.
  • Policy and Documentation Skills: Proven ability to develop comprehensive security policies, procedures, standards, and guidelines. Experience creating documentation for compliance audits and managing evidence artifacts for auditors.
  • Project Management: Excellent organizational and project management skills. Capable of scoping and managing multiple projects or client engagements simultaneously in a structured manner. Able to prioritize tasks, meet deadlines, and deliver high-quality results for our client partners.
  • Communication & Interpersonal Skills: Exceptional client-facing communication skills. Able to explain technical security controls and compliance requirements to non-technical stakeholders clearly and patiently. Experience conducting meetings, training, or workshops with clients. Strong report writing and presentation abilities.
  • Problem-Solving: Analytical mindset with keen attention to detail. Adept at assessing complex environments against compliance checklists, identifying gaps, and formulating practical remediation strategies. Must be self-driven and able to work independently to solve problems, as well as collaboratively in a team setting.
  • Education: Bachelor’s degree in Cybersecurity, Information Security, Computer Science, Information Systems, or a related field (or equivalent work experience). Ongoing commitment to professional development in the cybersecurity field.

Qualifications and Skills

  • Certifications: Professional security certifications such as CISSP are strongly recommended. Other relevant certifications are a plus, for example CISM, CISA, CRISC, GIAC GSEC/GSNA, or compliance-specific credentials (ISO 27001 Lead Auditor/Implementer, CMMC Provisional Assessor, HITRUST Practitioner, etc.).
  • Managed Services/Consulting Experience: Experience working in a Managed Service Provider (MSP), cybersecurity consulting firm, or similar client-facing environment is highly desirable. Proven ability to juggle multiple client engagements and adapt to different organization cultures and needs.
  • Industry Experience: Background in working with clients in highly regulated industries such as healthcare, finance, education, or government/defense is a plus. Understanding the unique challenges and requirements in these sectors will be advantageous.
  • Leadership & Mentorship: Prior experience in a senior or leadership role within a security/compliance team. Ability to mentor junior staff or lead project teams. Demonstrated initiative in improving processes, sharing knowledge, and fostering a positive team environment.
  • Compliance Tools: Familiarity with GRC platforms or compliance management tools is a plus. Experience leveraging automation for compliance evidence collection, tracking control status, and streamlining audit workflows will be beneficial.
  • Continuous Learning: A passion for continuous professional growth and staying ahead of the curve in cybersecurity. Aligns with BlueSteel’s culture of intellectual curiosity and “Intellectual Care,” actively learning and caring about the quality of your work and knowledge.

Hiring Process

Candidates for this position can expect the hiring process to follow the order below.

  1. Screening call with a team member.
  2. Interview with executive staff.
  3. Interview with the CEO.

Company Description

We’ve seen firsthand the painful struggles of introducing new security programs into organizations, so we are particularly driven to make the process better. We recognize that team members are the key to our success and we’re always looking for more talented people to join us. If you’re passionate about cybersecurity and about creating low-friction solutions that are both effective and livable for clients, BlueSteel Cyber could be the place to take your career. Join us in our quest to make being compliant a breeze – it’ll be a blast!
