By Light HQ

Welcome page

Compliance Analyst – ISO 42001 / CMMC / SOC 2

Job Locations US-Remote
Posted Date 15 hours ago(7/22/2025 11:23 AM)
ID
2025-10477
# of Openings
1
Category
Cyber
Clearance
None

Position Overview

By Light is seeking a full-time Cyber Security SME to join our growing security and compliance team. This role supports By Light’s Security Operations Center (SOC) and compliance initiatives, with a focus on achieving and maintaining certifications under ISO/IEC 42001 (AI Management Systems), CMMC Level 2, and SOC 2. The ideal candidate will assist in the implementation, documentation, monitoring, and continuous improvement of enterprise security controls to meet internal policy, federal requirements, and industry standards.

 

This is a hands-on role that blends technical knowledge, compliance strategy, audit preparation, and cross-team collaboration to ensure enterprise-wide security and assurance for AI, cloud, and IT/OT systems.

Responsibilities

  • Support compliance operations aligned with ISO/IEC 42001, CMMC Level 2, and SOC 2 frameworks.
  • Maintain security documentation including policies, procedures, system security plans (SSPs), plans of action and milestones (POA&Ms), and risk assessments.
  • Assist in the implementation and monitoring of cybersecurity controls across cloud environments (AWS, Azure) and hybrid infrastructure.
  • Collaborate with IT, engineering, and operations teams to ensure controls are enforced, evidence is collected, and remediation timelines are met.
  • Develop and generate compliance metrics and dashboards using tools like Splunk and AWS CloudWatch.
  • Conduct internal control reviews and gap analyses; support third-party audits and government assessments.
  • Track and respond to security incidents, policy violations, and control deficiencies.
  • Provide briefings, written reports, and presentations to leadership and stakeholders.

Required Experience/Qualifications

  • 2+ years of experience supporting compliance efforts for one or more of the following: ISO/IEC 42001, CMMC Level 2, SOC 2, NIST SP 800-53, or NIST SP 800-171.
  • Working knowledge of AWS services including EC2, S3, IAM, and CloudWatch.
  • Experience using Splunk to create dashboards and compliance views for evidence tracking and control monitoring.
  • Understanding of security operations and risk management in Linux and Windows environments.
  • Strong technical writing and documentation skills for policies, audit artifacts, and risk assessments.
  • Ability to manage multiple concurrent deadlines with minimal supervision.

Preferred Experience/Qualifications

  • Familiarity with AI governance concepts and the ISO/IEC 42001 AI Management System structure.
  • Experience coordinating audit readiness for FedRAMP, ISO, or DoD assessments.
  • Prior work with vulnerability management, patch tracking, or compliance ticketing workflows.
  • Experience working with external auditors, assessors, or federal partners.
  • Experience with compliance dashboards, automated evidence collection, and reporting pipelines.

Special Requirements/Security Clearance

  • ISC2 CISSP or equivalent combination of training and experience.
  • CGRC

Options

Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed

By Light recognizes that our strength is our people. We support every employee as an individual to build strong teams across the enterprise. Our benefit package includes:

  • Medical, Dental & Vision Coverage
  • Wellness Program
  • 401(k) Matching
  • Disability (Short Term & Long Term)
  • Employee Assistance Program
  • Life Insurance
  • Education & Training
  • Generous Leave Policy (11 Federal Holidays, PTO, and Military Leave)

By Light is an Equal Opportunity and Affirmative Action Employer. All qualified candidates will receive consideration regardless of gender, race, veteran status, disability, and any other protected class in accordance with federal, state and local laws.