Information Security Compliance Consultant - Contract - Remote
WFA Digital Insight
The demand for skilled Information Security Compliance Consultants has grown significantly in recent years, with a 25% increase in job postings in 2023 alone. As companies navigate the complexities of remote work and digital transformation, the need for experts who can ensure compliance and mitigate risks has never been greater. With over a decade of experience required, this role is ideal for seasoned professionals looking to leverage their expertise in information security governance, risk, and compliance. SUNSHINE ENTERPRISE USA LLC stands out for its commitment to supporting statewide information security program initiatives, making this a unique opportunity for those passionate about making a meaningful impact in the industry. Before applying, candidates should be prepared to showcase their technical skills, business acumen, and ability to work collaboratively with stakeholders.
Job Description
About the Role
The Information Security Compliance Consultant role at SUNSHINE ENTERPRISE USA LLC is a 12-month contract position that offers the opportunity to work remotely while supporting critical information security program initiatives. As a seasoned professional in this field, you will leverage your expertise to assist agencies with tactical implementation of information security requirements, development and tracking of security implementation plans, compliance assessments, policy and procedure documentation, and governance activities. Your work will have a direct impact on enhancing the security posture of various organizations, ensuring they comply with established security frameworks and state standards.
Day-to-day, you will work closely with business leaders, technical teams, and third-party stakeholders to evaluate security controls, assess compliance readiness, and ensure alignment with regulatory requirements. This role requires strong expertise in information security governance, risk, and compliance (GRC), auditing, and regulatory frameworks, making it an ideal fit for those with a deep understanding of the complexities of information security in a rapidly evolving digital landscape.
Given the nature of the work, there will be occasions where in-person availability is preferred for client and departmental meetings, trainings, and other on-site activities, although the position is primarily remote. This blend of remote and occasional on-site work offers a unique balance for those who value flexibility but also recognize the importance of face-to-face collaboration.
What You Will Do
- Support agencies with information security program implementation and compliance initiatives
- Conduct interviews with business owners, technical teams, administrators, and third-party stakeholders to gather security and compliance requirements
- Develop, document, and maintain security policies, procedures, and governance artifacts
- Track and monitor Information Security implementation plans and remediation activities
- Perform compliance assessments against established security frameworks and control standards
- Review agency documentation and provide recommendations to strengthen security posture and compliance readiness
- Analyze existing business processes and identify opportunities for improvement and risk reduction
- Assist in developing corrective action plans (CAP) and Plans of Action & Milestones (POA&M)
- Support multiple concurrent security and compliance initiatives while maintaining project timelines
- Prepare reports, findings, and compliance status updates for leadership and stakeholders
- Ensure alignment with state security standards, regulatory requirements, and industry best practices
What We Are Looking For
- 10+ years of Information Security and Compliance experience
- 2+ years of experience conducting security audits or serving as an Information System Security Officer (ISSO)
- Strong working knowledge of NIST 800-53 security controls and compliance requirements
- Experience developing and managing POA&M and Corrective Action Plans (CAP)
- 3+ years of experience working with Governance, Risk, and Compliance (GRC) platforms such as Archer or similar tools
- Strong documentation, communication, and stakeholder management skills
- Experience assessing security controls and compliance programs
- CJIS Certification required after onboarding and processed by the client
- Bachelor's Degree preferred
- Equivalent Information Security Certification (e.g., CISA, GSLC)
Nice to Have
- Experience developing Information Security Plans (ISPs) and System Security Plan (SSP) documentation
- Experience managing multiple concurrent information security initiatives
- Knowledge of IRS 1075, HIPAA, CJIS, MARS-E, and PCI-DSS compliance frameworks
- Government or public sector experience
- Experience with process analysis, business process re-engineering, and compliance program development
- Strong project scheduling and resource planning capabilities
Benefits and Perks
- Competitive contract rate
- Opportunity to work on high-impact projects supporting statewide information security initiatives
- Collaborative and dynamic work environment
- Professional development opportunities
- Flexible remote work arrangement with occasional in-person meetings
- Access to the latest tools and technologies in information security and compliance
- Comprehensive onboarding process to ensure success in the role
- Recognition and reward for outstanding performance and contributions
- Opportunity to work with a diverse range of stakeholders and agencies
- Support for ongoing education and certification in information security and compliance
How to Stand Out
- Ensure your resume and cover letter are tailored to highlight your experience in information security governance, risk, and compliance, especially as it relates to NIST 800-53 and similar frameworks.
- Be prepared to provide specific examples of your experience in conducting security audits, managing POA&M and CAP, and working with GRC platforms.
- Demonstrate your knowledge of regulatory requirements and industry best practices, including CJIS, HIPAA, and PCI-DSS.
- Showcase your ability to work collaboratively with stakeholders, including technical teams, business leaders, and third-party vendors.
- Highlight any experience you have with process analysis, business process re-engineering, and compliance program development, as these skills are highly valued in this role.
- Consider obtaining or highlighting any relevant certifications, such as CISA or GSLC, to demonstrate your expertise and commitment to the field.
- Prepare to discuss your approach to managing multiple concurrent projects, prioritizing tasks, and meeting deadlines in a fast-paced environment.