Compliance Consultant

About Us

Steel Root is a cybersecurity services company that specializes in compliance for the U.S. Defense Industrial Base. We’re a startup in high demand, looking for a driven individual to join our team as a Compliance Consultant. We’re passionate about contributing daily to our positive culture, with a commitment to professional development and social responsibility. Steel Root serves a national client base from its headquarters in Salem, MA.

Job Description

Steel Root works with U.S. federal and defense contractors, many of whom are small businesses in manufacturing, high tech, or R&D, to implement security controls and build mature cybersecurity and compliance programs.

The Compliance Consultant plays a lead role in the development and management of policy, procedures, and practices within client organizations. This role works collaboratively with client stakeholders including business leaders and IT, as well as our internal IT and security services teams and other third-party service providers.

To assist the client in achieving and maintaining compliance, the Compliance Consultant will:

  • Help the customer identify and understand the laws, regulations, and U.S. Government-wide policies that apply to their business
  • Document the flow of sensitive and controlled data types through existing business processes
  • Determine a system scope (technology, people, business processes) for compliance
  • Assess the current implementation of applicable technical and non-technical requirements (e.g., CMMC, DFARS, FAR, export controls)
  • Develop and manage System Security Plan(s), policies, and procedures
  • Manage customer expectations, internal and external resources, and relevant third parties to ensure engagements are successful
  • Provide ongoing advisory services on issues of security and compliance

About You

You’re a strong communicator interested in a fast-paced career in security consulting and professional services. You’re creative, positive, and confident with a passion for details. Your background includes hands-on experience managing compliance programs and you have a proven history of delivering excellent work and exceeding expectations.

A background in IT/IS, compliance and risk management, or management consulting is desirable, as is in-depth experience with one or more security frameworks (e.g., CMMC, NIST, CIS, MITRE ATT&CK).

Hands-on experience implementing NIST SP 800-171 or SP 800-53 is required.

Requirements
  • U.S. citizenship
  • 2-5 years of experience implementing cybersecurity requirements for Department of Defense contractors (DFARS 252.204-7012, NIST SP 800-171) or federal information systems (NIST SP 800-53, RMF)
  • Very strong written and verbal communication skills, with the ability to convey technical information as a subject matter expert (SME) for various compliance frameworks
  • High emotional intelligence and interpersonal skills, with an enthusiasm for collaboration and coordination with various client company stakeholders from executive management to entry level staff
  • Strong organizational and time management skills with ability to correctly prioritize workload to maintain schedules, deadlines, and standards on assigned projects
  • Ability to remain calm under pressure and be adaptable
  • Ability to cross-train into other specialties
  • Awareness of the cybersecurity product/vendor landscape and current security best practices
  • Detailed understanding of the CMMC certification requirements (including assessment objectives and process maturity requirements up to Level 3) and DFARS 252.204-7012 requirements (including FedRAMP Moderate equivalency requirements for cloud service providers and paragraph (c) – (g) requirements)
  • Awareness of U.S. export control requirements under ITAR and EAR
  • Occasional (20%) travel to various work sites throughout the U.S. may be required

Desired Characteristics

  • Professional certifications such as CISSP, CISM, CISA, or similar
  • Experience leveraging Microsoft cloud services (Azure, Office 365) to meet compliance requirements, especially in Azure Government and Microsoft 365 GCC High environments
  • Experience consulting with multiple clients at the same time
  • Bachelor’s degree or higher in technology, engineering, or related field
  • Ability to obtain U.S. government security clearance

What We Offer
  • Competitive benefits package, including health, dental, 401(k), professional development, and cell phone stipend
  • Team Human work culture
  • Our customers make lasers and launch things into space
  • Work with wicked smaht teammates and hone your skills in one of the hottest niches in the cybersecurity market
  • Play with cool tech, work with customers that love us, and get in on the ground floor of a startup in growth mode

How to Apply

  1.   Get to know us by reading about our services and the industries we serve, and follow us on social media (links in website footer, below).
  2.   Then send your resume with cover letter to Every application is reviewed by a real human being.

Committed to Diversity

Steel Root is an Equal Opportunity Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to race, national origin, gender identity/expression, age, religion, disability, sexual orientation, genetics, veteran status, marital status or any other characteristic protected by law.

This is a general description of the duties, responsibilities and qualifications required for this position. Physical, mental, sensory, or environmental demands may be referenced in an attempt to communicate the manner in which this position traditionally is performed. Whenever necessary to provide individuals with disabilities an equal employment opportunity, Steel Root will consider reasonable accommodations that might involve varying job requirements and/or changing the way this job is performed, provided that such accommodations do not pose an undue hardship.