Senior Cybersecurity Compliance Manager Job at BlueSteel Cybersecurity in Columbia
BlueSteel Cybersecurity, Columbia, South Carolina, United States
Overview
BlueSteel Cybersecurity is a company focused on developing humanized cybersecurity compliance programs that create sustainable security and confidence for organizations. The Senior Security Compliance Manager will lead cybersecurity compliance services and help clients achieve and maintain critical security certifications and regulatory compliance. The role emphasizes low-friction, effective, and livable solutions for clients while protecting sensitive data. The position embodies BlueSteel’s values in daily collaboration, discipline, transparency, and client success.
Key Responsibilities
- Lead Compliance Engagements: Manage end-to-end cybersecurity compliance engagements for multiple clients, ensuring they meet requirements for frameworks and standards such as NIST 800 series (e.g., 800-53, 800-171, NIST CSF), CMMC, FedRAMP, ISO/IEC 27001, HIPAA/HITECH, HITRUST, and SOC 2.
- Subject Matter Expertise: Serve as the internal and client-facing subject matter expert on security compliance. Interpret control requirements and provide guidance on best practices to achieve and maintain compliance across frameworks.
- Policy & Procedure Development: Develop, review, and update security policies, standards, and procedures to align with required controls. Deliver complete compliance documentation packages tailored to each client’s needs (policies, procedures, risk assessments, System Security Plans, etc.).
- Compliance Assessments & Audits: Conduct or coordinate regular security compliance assessments, gap analyses, and readiness audits. Prepare clients for third-party assessments and certification audits (e.g., CMMC, SOC 2 Type II, ISO 27001) through internal audits and evidence collection.
- Client Advisory & Communication: Translate complex requirements into actionable plans. Communicate compliance status, audit findings, and remediation recommendations in business terms. Provide progress reports and executive briefings to client leadership.
- Remediation & Program Implementation: Guide clients in implementing security controls and remediation steps. Coordinate with client IT and security teams to deploy controls (e.g., MFA, logging/monitoring, encryption, EDR) and ensure operationalization of compliance measures.
- Utilize Security Tools: Leverage security and compliance tools including SIEM (e.g., Splunk), RMM (e.g., NinjaRMM), EDR (e.g., SentinelOne), Microsoft 365 security & compliance, and GRC/evidence tracking platforms to support engagements.
- Stay Current on Regulations: Research and stay up-to-date on cybersecurity laws, regulations, and standards. Update internal templates and recommendations to reflect changes in the field.
- Team Collaboration & Leadership: Work with security analysts, engineers, and vCISO consultants. Mentor junior team members and foster a culture of continuous improvement and knowledge sharing.
- Client Trust & Relationship Management: Build and maintain strong client relationships as a trusted advisor. Ensure client satisfaction through responsive guidance and demonstrated care for client success in security compliance.
Required Qualifications
- Experience: 5-7+ years of progressive experience in cybersecurity compliance, governance, or risk management. Experience leading compliance initiatives or audits across multiple frameworks.
- Framework Expertise: Knowledge of major security frameworks and regulations (NIST SP 800-53/800-171, NIST CSF, CMMC, FedRAMP, ISO 27001, HIPAA/HITECH, HITRUST, SOC 2). Ability to map controls across frameworks and advise on implementation.
- Technical Proficiency: Understanding of cybersecurity principles and technologies including IAM, endpoint protection, cloud security, encryption, vulnerability management. Hands-on familiarity with tools like Splunk, NinjaRMM, SentinelOne, and Microsoft 365 security/compliance.
- Policy & Documentation Skills: Ability to develop policies, procedures, standards, and guidelines. Experience creating documentation for audits and managing evidence artifacts.
- Project Management: Strong organizational skills to manage multiple projects or client engagements simultaneously, prioritize tasks, and meet deadlines.
- Communication & Interpersonal Skills: Excellent client-facing communication; ability to explain technical controls to non-technical stakeholders; strong report writing and presentation skills.
- Problem-Solving: Analytical mindset with attention to detail and the ability to work independently and within a team.
- Education: Bachelor’s degree in Cybersecurity, Information Security, Computer Science, Information Systems, or related field or equivalent work experience. Commitment to ongoing professional development.
Preferred Qualifications and Skills
- Certifications: CISSP is strongly preferred; additional certifications (CISM, CISA, CRISC, GIAC, ISO 27001 Lead Auditor/Implementer, CMMC Provisional Assessor, HITRUST) are a plus.
- Managed Services/Consulting Experience: Experience in MSP or cybersecurity consulting roles is desirable, with ability to manage multiple client engagements.
- Industry Experience: Experience with regulated industries (healthcare, finance, education, government) is a plus.
- Leadership & Mentorship: Experience in senior/leadership roles and ability to mentor others and improve processes.
- Compliance Tools: Familiarity with GRC platforms (OneTrust, Ostendio, Drata, etc.) and automation for evidence collection and audit workflows is beneficial.
- Continuous Learning: Commitment to staying current with new guidance and trends aligned with BlueSteel’s culture.
Hiring Process
- Screening call with a team member
- Interview with executive staff
- Interview with the CEO
Company Description
BlueSteel Cybersecurity is focused on creating low-friction, effective, and livable security solutions for clients, with an emphasis on teamwork, growth, and caring for people. We are committed to making compliance easier while protecting client data.