Location: Remote / United States
Type: Part-time
Hours: 20–25 hrs/week
Compensation: $72,000 – $98,000 / year
About the role
Help MBG meet its security, privacy, and telecom-regulatory obligations. You will operate the day-to-day compliance program — evidence collection, control monitoring, vendor reviews, and customer security questionnaires — across SOC 2, GDPR, CCPA, and telecom regulatory regimes.
Ready to Apply?
Take the next step in your career with MBG Expense Management. Visit our website to learn more about the company, explore current vacancies, and discover how you can become part of our growing team. Candidates are also welcome to apply directly by email by sending their CV and a short introduction. We look forward to hearing from motivated professionals ready to grow with us. Email for application: [email protected]
Responsibilities:
- Operate the SOC 2 Type II program: control monitoring, evidence collection, audit prep
- Support GDPR / CCPA program activities: DPIAs, DSAR responses, vendor processing agreements
- Track US regulatory developments — SEC cybersecurity disclosure, state privacy laws, FCC and PUC actions affecting MBG and its clients
- Map the control set against frameworks customers ask about (NIST CSF 2.0, ISO 27001, HIPAA where relevant)
- Review and respond to customer security questionnaires and risk assessments
- Conduct vendor risk reviews and maintain the third-party register
- Partner with engineering and operations to translate controls into day-to-day practice
Requirements:
- 3+ years in a compliance, risk, or audit role at a SaaS or services organization
- Working knowledge of SOC 2 Type II, NIST CSF 2.0, and one major US privacy regime (CCPA / CPRA) or GDPR
- Hands-on experience operating a GRC tool (Vanta, Drata, Secureframe, OneTrust, or comparable)
- Comfortable reviewing technical controls in collaboration with engineering teams
- Excellent written communication; able to translate controls into plain-language documentation
- US work authorization required
Nice to have:
- Familiarity with telecom regulatory frameworks (FCC, state PUCs, CPNI obligations)
- Exposure to SEC cybersecurity disclosure rules (Item 1.05 of Form 8-K)
- CIPP/US, CIPM, CISA, or CRISC certification
- Prior work supporting an enterprise customer base under contractual security obligations
Benefits:
- Annualized compensation benchmarked to top-quartile US remote part-time market rates
- Healthcare stipend in lieu of group coverage; 401(k) participation with company match
- Accrued PTO and all US federal holidays
- Annual learning & certification budget ($1,500)
- Home-office equipment stipend ($1,200) plus annual refresh budget
- Quarterly virtual team offsites; optional all-expenses NYC HQ visits