Compliance Specialist
Quick Summary
Salary: $75,000 - $85,000
Authorization Status: Must be Authorized to Work in the U.S.
Requirements
What we are looking for
Responsibilities
Provide governance and oversight of the organization’s Integrated Management System (IMS), including ISO/IEC 27001 (ISMS) and ISO 9001 (QMS), within leadership approved scope.
Monitor conformance of information security and quality management processes to applicable ISO requirements supporting government contracting deliverables and audits.
Maintain management system documentation, including policies, procedures, Statements of Applicability, risk registers, and governance records.
Plan, coordinate, and conduct internal ISO and compliance audits, ensuring objectivity and appropriate segregation of duties.
Maintain certification and assessment documentation and coordinate external audits, surveillance activities, and assessments.
Monitor compliance performance through audits, assessments, and reviews, and report results to leadership.
Track and verify completion of corrective actions arising from audits, assessments, incidents, or identified nonconformities.
Coordinate and maintain a CMMC 2.0 compliance program, aligned with organizational cybersecurity strategy and applicable NIST requirements.
Prepare, maintain, and manage CMMC‑related documentation, including SSPs, POA&Ms, risk assessments, assessment artifacts, and SPRS score submissions.
Serve as a primary liaison with C3PAOs, external assessors, and auditors to support readiness reviews and assessments.
Monitor CMMC rule updates and advise leadership on emerging requirements, compliance risks, and improvement opportunities.
Coordinate recurring risk assessments related to information systems and business processes and support risk treatment and mitigation planning with system and process owners.
Analyze organizational processes and systems to identify gaps relative to regulatory, contractual, and ethical requirements.
Support compliance with applicable FAR, DFARS, ITAR, FCPA, and other federal contracting requirements by monitoring obligations and coordinating evidence.
Support adherence to U.S. Government security frameworks, including NIST RMF and DCSA DAAPM, where contractually applicable.
Develop and deliver compliance and security awareness training covering ISO processes, CMMC requirements, government contracting obligations, and cybersecurity best practices.
Promote a culture of compliance accountability, ethical conduct, and risk-based decision-making across the organization.
Serve as a central point of coordination for compliance-related communications with government agencies, customers, auditors, and assessors.
Review contractual compliance requirements related to cybersecurity, data protection, and regulatory obligations, coordinating with legal and business stakeholders as appropriate.
Support administration of compliance-related contract activities, including NDAs, contract modifications, COIs, and GWAC-specific obligations (e.g., GSA STARS III), in coordination with appropriate functional owners.
Support organizational governance and regulatory posting requirements influenced by federal, state, and industry obligations, in coordination with HR and leadership.
Oversee and coordinate compliance activities influenced by organizational governance, industry standards, and employment-related regulatory obligations, in collaboration with Human Capital, Legal, and leadership.
Monitor and document requirements for federal and state-mandated employment postings and notices, ensuring accurate identification and timely coordination with Human Capital for implementation.
Maintain evidence demonstrating awareness, tracking, and coordination of employment-related compliance obligations for audit, contractual, or regulatory review.
Support updates to governance and compliance documentation impacted by changes in employment laws or workforce-related regulatory requirements, as directed by leadership.
Support the maintenance of compliance with federal registration and reporting requirements, including System for Award Management (SAM) and Commercial and Government Entity (CAGE)/CAF records, ensuring accuracy, timeliness, and proper renewal of all organizational registrations.
Track Transactional Data Reporting (TDR) obligations, including data collection, validation, and submission in accordance with applicable regulatory requirements.
Support organizational risk management initiatives, including the planning and execution of corporate insurance renewals, ensuring accurate disclosures and alignment with business operations.
Coordinate cross-functional efforts to complete insurance and compliance attestations, including documentation that validates adherence to required internal controls.
Partner with IT and Security teams to ensure that cybersecurity insurance requirements are in place, including verification of controls such as multi-factor authentication (MFA), employee security awareness training, automated escalation protocols, and other protective measures.
Maintain documentation and audit-ready records supporting compliance with financial, administrative, and risk management obligations.
Utilize established internal controls, audit mechanisms, and monitoring processes to identify, document, and address noncompliance.
Support updates to compliance processes and documentation resulting from regulatory changes, audit results, or leadership direction.
Aleto’s Employee Expectations/Responsibilities
Compliance with all Aleto processes, standards, and guidelines including the utilization of the employee and intranet platforms to stay up to date on company news and events, submitting expense reports, providing monthly progress reports, etc.
Participate in recurring 1:1 and performance development meetings with your Aleto team lead to discuss current job tasks, promote open dialog/feedback, recognize and celebrate wins, and review positive and purposeful approaches for meeting work-related and professional development goals.
Attend team meetings, tri-annual company All-Hands Meetings, and other company-sponsored team-building events to foster and support Aleto's core values, vision, and culture.
Qualifications/Capabilities/Software Knowledge
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required.
Required Qualifications/Education/Experience:
Bachelor’s degree in Cybersecurity, HR, Information Technology, Business, Law, or equivalent experience.
2–5+ years of experience in compliance, cybersecurity, and/or government contracting.
Experience with CMMC, NIST SP 800‑171, and ISO 27001 compliance programs.
Ability to interpret complex regulations and translate them into actionable internal processes.
Desired Qualifications/Education/Experience:
Professional certifications: CMMC Registered Practitioner/Assessor, CCEP, CISSP, CISA, ISO 27001 Lead Implementer/Auditor.
Strong understanding of FAR/DFARS, ITAR, and government contracting requirements.
Experience managing audits for CMMC, ISO, or NIST frameworks.
Experience preparing government systems for RMF/DAAPM compliance.
Technological Skills:
Microsoft 365 (Word, Excel, SharePoint, OneDrive, Teams)
Excel (advanced functions, pivot tables, VLOOKUP/XLOOKUP)
Learning Management Systems
Preferred systems experience:
Confluence / Jira (for documentation + project tracking)
Power BI or Tableau
SQL basics
Required Knowledge and Skills:
Demonstrates a high degree of independence and sound judgment in daily responsibilities.
Exhibits the ability to stay focused on objectives and make timely decisions.
Able to independently research, analyze, and resolve complex issues with minimal supervision.
Strong analytical and problem‑solving abilities
Excellent written and verbal communication skills
Ability to manage cross‑functional projects and multi‑framework compliance efforts
Attention to detail and high ethical standards
Familiarity with compliance management tools and documentation systems
Other:
Highest level of integrity managing confidential information
What We Offer
Paydays are on the 10th and the 24th of each month.
Full-time employees are eligible to enroll in Aleto’s Aetna-sponsored health insurance plans. Aleto contributes $400 per month toward employee medical premiums, equal to 75% of the Employee Only premium for the HSA 3300 Base Plan. Employees may select from two HSA-eligible plans or a POS plan.
Aleto provides dental insurance coverage through the Aetna PPO 2000 plan. Aleto contributes 75% of the employee’s premium.
Aleto provides vision benefits coverage through the Aetna Preferred Vision. Aleto contributes 75% of the employee’s premium.
The option to enroll in an HSA or FSA depending on elected medical insurance coverage.
Company-paid short-term and long-term disability insurance.
Company-paid life insurance coverage.
Paid time off includes eleven federal holidays. Full-time employees accrue PTO at the rate of 5 hours per pay period for a total of three weeks per year. In addition, employees are provided with a separate bank of 40 hours of paid sick leave per year.
Aleto offers full-time employees a 401(k) qualified retirement plan.
Professional Development is identified as job-related training which enables an employee to improve their performance, their development as a professional within the organization, and/or as a means of retaining and developing key skills and competencies related to the demands of the job.
Environment and Physical Conditions
While performing the duties of this job, the employee is required to have ambulatory skills sufficient to visit other locations; the ability to remain in a stationary position at least 50% of the time; and the ability to move inside and around an office, position themselves to access items located in high or low areas, and transport items weighing up to 20 pounds across the office. The role requires the constant operation of a computer and other office productivity machinery and the ability to observe details at close range, typically within a few feet of the observer. The employee interacts frequently with other workers, vendors, and clients, communicates information and ideas so that others will understand, and must be able to exchange accurate information in these situations. The position consistently requires work to be completed in an office environment with artificial light and air.
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed above are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of the position.
Location & Eligibility
Listing Details
- Posted: May 21, 2026