$110,000–$140,000 Per Year
Administrative Skills, Analysis Skills, Auditing, CISA - Certified Information Systems Auditor, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Cadence, CCP, Communication Skills, Consulting, Continuous Improvement, Customer Experience, Customer Relations, Customer Support/Service, Customer Training, Detail Oriented, Documentation, Documentation Plan, Follow Through, HIPAA (Health Insurance Portability and Accountability Act), ISO (International Organization for Standardization), Information/Data Security (InfoSec), Internet Security, Leadership, Maintain Compliance, Microsoft Product Family, Nonprofit, On Call, Onboarding, Organizational Skills, Policy Development, Problem Solving Skills, Protective Services, Regulatory Compliance, Risk, Risk Management, Security Analysis, Security Compliance, Set Goals, Status Reports, Technical Support, Technical Writing, Time Management, U.S. National Institute of Standards and Technology (NIST), United States Citizen, Writing Skills
Description
Location: This is a remote position; however, candidates must work Pacific Time Zone hours.
You’re the kind of person who helps others succeed.
You’re sharp, resourceful, and calm under pressure—the one people count on when technology misbehaves. You love solving problems, restoring order, and creating moments where others can breathe again because you’ve got it handled.
But lately, you might be craving a team that matches your standards—where doing great work and helping others thrive go hand in hand.
That’s where Endsight comes in.
Who We Are
Endsight is a fast-growing IT Managed Service Provider built on one core belief:
When we help others thrive, we thrive too.
We partner with small and mid-sized organizations—including nonprofits—to ensure their technology performs flawlessly so they can focus on what they do best.
We’re a team that learns fast, leans in, and looks out for one another. Life here feels like being part of a great university—you’ll grow quickly, connect deeply, and do work that truly matters.
About the Role
Endsight is looking for a Senior Compliance & Governance Analyst to help clients navigate cybersecurity compliance, governance, and risk management with clarity and structure.
This role serves as a primary security and compliance point of contact for Endsight clients, especially MSSP clients with elevated compliance needs. It also supports Endsight's internal governance and data protection efforts.
This is a client-facing advisory, coordination, and implementation role. Endsight is not an auditing firm and does not perform formal audits. Instead, this position helps clients prepare for, understand, and manage compliance efforts across frameworks such as CMMC, ISO 27001, HIPAA, SOC 2, CIS, and NIST.
The ideal candidate is organized, highly communicative, strong in technical writing, comfortable managing multiple stakeholders, and able to translate complex compliance requirements into practical next steps.
Purpose: What You'll Do
- Serve as the primary compliance and governance contact for assigned MSP and MSSP clients.
- Guide clients through compliance readiness efforts, including planning, documentation, policy development, evidence preparation, and auditor-facing coordination.
- Own the onboarding and ongoing service experience for compliance-focused MSSP clients.
- Prepare and deliver compliance-focused security quarterly business reviews (QBRs), cadence calls, and client status updates.
- Write, update, and maintain Written Information Security Programs, security policies, governance documentation, and related client-facing materials.
- Help scope, coordinate, and manage compliance and security projects to ensure work is scheduled, communicated, and delivered on time.
- Support Microsoft Purview, data governance, sensitivity labeling, and Bronze/Silver/Gold data classification initiatives for Endsight and its clients.
- Advise internal leaders on compliance, governance, data protection, and risk management needs.
- Coordinate with security analysts, Client Strategy Managers (CSMs), consultants, leadership, and client stakeholders to keep compliance work moving.
- Participate in customized cybersecurity awareness training efforts for clients.
- Support the security team's shared SOC alert and on-call process by assisting with initial triage and communication when needed. This is not a hands-on technical support role.
This role is expected to be split approximately as follows:

| Estimate | Focus Area |
|---|---|
| 40% | Client-facing MSSP compliance and governance work |
| 25% | Internal compliance and governance support |
| 20% | Research, development, and service improvement |
| 15% | Administrative coordination, scheduling, and documentation |

These percentages are estimates and may shift based on client needs, internal priorities, and service development goals.
What Success Looks Like
- Clients clearly understand where they stand, what comes next, and what Endsight is doing on their behalf.
- Compliance work is organized, scheduled, tracked, and communicated effectively.
- Policies, WISPs, QBRs, status updates, and client documentation are accurate, practical, and delivered on time.
- Internal and external stakeholders trust you as a calm, clear, and knowledgeable compliance resource.
- Endsight's compliance and governance practice continues to mature through better process, documentation, and client experience.
- You can balance client advocacy with realistic guidance, especially when expectations need to be reset.
Skills, Knowledge and Expertise
Required Qualifications
- Bachelor's degree and 6+ years of relevant experience, or 10+ years of IT, cybersecurity, compliance, or governance experience in lieu of a degree.
- Experience advising clients or internal stakeholders on security governance, compliance readiness, and risk management.
- Working knowledge of compliance and security frameworks such as NIST, CIS Controls, SOC 2, ISO 27001, HIPAA, and/or CMMC.
- Minimum 2 years of experience with Microsoft Purview, including data governance, sensitivity labeling, information protection, or related Microsoft 365 compliance capabilities.
- SC-401 passed within three months of hire or previously attained. Endsight will pay for training and exams if not previously completed.
- CCP certification within six months of hire or previously attained. Endsight will pay for training and exams if not previously completed.
- Strong technical writing skills, including the ability to create policies, security program documentation, status reports, and executive/client-facing communications.
- Excellent communication, organization, collaboration, and follow-through.
- Ability to manage competing demands across clients, internal teams, and leadership priorities.
- Strong attention to detail.
- Ability to work independently in a remote environment.
- Self-motivated, proactive, and comfortable moving work forward without constant direction.
- U.S. citizenship.
Preferred Qualifications
- Current CCP and Microsoft SC-401 certification.
- CISA, CISM, CISSP, or similar governance, risk, compliance, or security certification.
- Experience in an MSP, MSSP, consulting, or client-facing security services environment.
- Experience supporting clients through CMMC, ISO 27001, HIPAA, SOC 2, or other regulated compliance efforts.
- Familiarity with security QBRs, client roadmaps, compliance reporting, and executive-level risk communication.
- Ability to turn complex requirements into practical plans, visuals, summaries, and client-ready explanations.
- Strong analytical and problem-solving skills.
- Genuine curiosity for cybersecurity, governance, and continuous improvement.
Benefits
- Medical: Company pays 100% of the base plan for the employee and family
- Dental & Vision
- 401(k) with employer matching
- Accrued Paid Time Off
- 9 Paid Holidays
- Career Pathing