Compliance Analyst – ISO 42001 / CMMC / SOC 2

Position Overview

By Light is seeking a full-time Cyber Security SME to join our growing security and compliance team. This role supports By Light’s Security Operations Center (SOC) and compliance initiatives, with a focus on achieving and maintaining certifications under ISO/IEC 42001 (AI Management Systems), CMMC Level 2, and SOC 2. The ideal candidate will assist in the implementation, documentation, monitoring, and continuous improvement of enterprise security controls to meet internal policy, federal requirements, and industry standards.

This is a hands-on role that blends technical knowledge, compliance strategy, audit preparation, and cross-team collaboration to ensure enterprise-wide security and assurance for AI, cloud, and IT/OT systems.

Responsibilities

• Support compliance operations aligned with ISO/IEC 42001, CMMC Level 2, and SOC 2 frameworks.
• Maintain security documentation including policies, procedures, system security plans (SSPs), plans of action and milestones (POA&Ms), and risk assessments.
• Assist in the implementation and monitoring of cybersecurity controls across cloud environments (AWS, Azure) and hybrid infrastructure.
• Collaborate with IT, engineering, and operations teams to ensure controls are enforced, evidence is collected, and remediation timelines are met.
• Develop and generate compliance metrics and dashboards using tools like Splunk and AWS CloudWatch.
• Conduct internal control reviews and gap analyses; support third-party audits and government assessments.
• Track and respond to security incidents, policy violations, and control deficiencies.
• Provide briefings, written reports, and presentations to leadership and stakeholders.

Required Experience/Qualifications

• 2+ years of experience supporting compliance efforts for one or more of the following: ISO/IEC 42001, CMMC Level 2, SOC 2, NIST SP 800-53, or NIST SP 800-171.
• Working knowledge of AWS services including EC2, S3, IAM, and CloudWatch.
• Experience using Splunk to create dashboards and compliance views for evidence tracking and control monitoring.
• Understanding of security operations and risk management in Linux and Windows environments.
• Strong technical writing and documentation skills for policies, audit artifacts, and risk assessments.
• Ability to manage multiple concurrent deadlines with minimal supervision.

Preferred Experience/Qualifications

• Familiarity with AI governance concepts and the ISO/IEC 42001 AI Management System structure.
• Experience coordinating audit readiness for FedRAMP, ISO, or DoD assessments.
• Prior work with vulnerability management, patch tracking, or compliance ticketing workflows.
• Experience working with external auditors, assessors, or federal partners.
• Experience with compliance dashboards, automated evidence collection, and reporting pipelines.

Special Requirements/Security Clearance

• ISC2 CISSP or equivalent combination of training and experience.
• CGRC