Compliance Advisor

About Us

Steel Root is a cybersecurity services company that specializes in compliance for the U.S. Defense Industrial Base. We’re a startup in high demand, looking for a driven individual to join our team as a Compliance Advisor. We’re passionate about contributing daily to our positive culture, with a commitment to professional development and social responsibility. Steel Root serves a national client base from its headquarters in Salem, MA.

About You

You’re a strong communicator interested in a fast-paced career in security consulting and professional services. You’re a strategic thinker, and passionate about the details. Your background includes hands-on experience managing information systems and you have a proven history of delivering excellent work and exceeding expectations.

A background in IT/IS, compliance and risk management, or management consulting is desirable, as is in-depth experience with one or more security frameworks (e.g., NIST CSF, CIS Controls, PCI DSS, SOC 2). Hands-on experience with NIST SP 800-171 or SP 800-53 is required.

Industry certifications (e.g., CISSP, CISM, CISA) are not required but will be considered as part of the selection process.

Candidates located in or near Boston, MA or Washington, DC are preferred, though we also consider remote candidates. For compliance with our customers’ export control requirements, you must be a U.S. Person as defined by ITAR.

Job Description

Steel Root works with federal and defense contractors, many of whom are small businesses in high tech, R&D, or manufacturing, to build cybersecurity maturity and implement CMMC security practices.

Your primary role is to consult with clients on data security compliance, build a project roadmap for achieving compliance, and act as project manager on implementation projects executed by our internal team or third parties. You will work consultatively and collaboratively with client stakeholders including business leaders and IT.

Client engagements typically include the following elements:

  • Determine a system scope (technology, people, business processes) for compliance
  • Assess the current implementation of applicable security requirements (CMMC, NIST SP 800-171)
  • Develop a project roadmap for implementation
  • Manage customer expectations, our internal resources, and relevant third parties to ensure projects are successful
  • Draft and manage System Security Plan(s)
  • Ongoing advisory on issues of security and compliance

Travel requirements: 20-30%

This is typically a full-time W2 position, but we are open to discussing part-time and 1099 contractor opportunities.

Qualifications

  • 2-5 years experience implementing federal security requirements (DFARS 252.204-7012, NIST SP 800-171, NIST SP 800-53, RMF)
  • 5-10 years experience implementing CMMC practices (jk, but ideal candidates are closely tracking the CMMC rollout)
  • Awareness of the cybersecurity product/vendor landscape and current security best practices
  • Very strong written and verbal communication skills
  • Strategic thinker and creative problem solver
  • Highly-motivated and detail-oriented
  • Comfortable with public speaking

What We Offer

  • Competitive benefits package, including health, 401(k), and cell phone stipend
  • Team Human work culture
  • Our customers make lasers and launch things into space
  • Work with wicked smaht teammates and hone your skills in the hot cybermaturity market
  • Play with cool tech, work with customers that love us, and get in on the ground floor of a startup in growth mode

How to Apply

  1. Get to know us by reading about our services and the industries we serve, and follow us on social media.
  2. Then send your resume with cover letter to Every application is reviewed by a real human being.
     Update 10/25: We recently filled this role. However, we expect to open it up again in early 2021. If you’re interested in starting a conversation, please reach out.