Audit Compliance Analyst
MKS2 Technologies, LLC, an award-winning high growth small business, creates innovative and customer-centric technology solutions in the areas of Cyber Security, Instructional Design and Training, Software Engineering and IT Support Services to improve the security and well-being of our clients. Our commitment to excellence and our “Mission First” orientation has resulted in steady growth and an expanding client base across government agencies. We have employees nationwide and for the past three consecutive years were named one of the fastest growing Veteran-owned companies in the nation. Please take a moment to browse through our website and learn more about what it means to serve with MKS2.
Audit/Compliance Analyst: IV (Lead)
Duration: 7//13/2026 (ASAP) - 1/12/2027
Contract Type: Contract to Hire
Onsite or Remote: Onsite Hybrid preferred - open to remote
Location (if onsite): Lynchburg or Richmond
Approximate Conversion Salary: ~$125k (100K- 110K during contract portion) - full benefits during contract and upon conversion
YOUR ROLE
The Policy and Compliance Coordinator is a member of the IT Security Team and supports enterprise information security governance by administering policy and compliance processes, automating control activities, and coordinating evidence and reporting across the organization. This role is execution focused and responsible for end-to-end operational delivery within a defined scope.
What you will be doing
Coordinate and administer the ServiceNow Policy and Compliance modules, ensuring accurate configuration, maintenance, and effective day to day operation
Manage and monitor ServiceNow ITSM oversight ticket queues, ensuring timely intake, triage, tracking, and resolution of catalog, policy, and compliance related requests
Collaborate with Information Security, Risk, Compliance, Legal, Audit, IT, and business stakeholders to support enterprise policy and compliance initiatives
Operationalize and automate policy and compliance lifecycle activities, including policy management, reviews, attestations, continuous monitoring, and control testing
Reduce manual effort through automation, standardization, and improved workflows for evidence collection and control validation
Support a “test once, satisfy many” methodology to streamline compliance efforts across multiple regulatory, audit, and assurance requirements
Implement and maintain continuous monitoring activities to identify policy or control violations and support timely response and remediation
Develop, maintain, and communicate policy and compliance metrics through dashboards and reports for leadership and key stakeholders
Coordinate information and evidence across the organization to support audits, assessments, regulatory inquiries, and internal reviews
Manage competing priorities, short turnaround requests, and tight deadlines while maintaining high quality, accuracy, and attention to detail
Create and maintain standard operating procedures, job aids, and other required documentation
Identify opportunities for process improvement and efficiency and support the implementation of enhancements
Work independently while collaborating closely with team members, application owners, contractors, and business partners
Operate effectively in a distributed, virtual team environment
Maintain a working knowledge of information security policies, standards, and regulatory requirements
Demonstrates the ability to independently execute assigned responsibilities with minimal supervision, managing day to day operational tasks, exercising sound judgment, and escalating issues as appropriate. Accountable for end to end execution within a defined scope.
This is a hands on, execution focused role with direct responsibility for operational delivery
What you bring
Bachelor’s degree in Information Technology, Computer Science, or a related field preferred (In lieu of a degree, demonstrated IT or cybersecurity experience will be considered)
Demonstrated understanding of cybersecurity risks, controls, and industry frameworks (e.g., NIST SP 800 53, NIST Cybersecurity Framework, ISO/IEC 27001)
At least 3 years’ experience with ServiceNow GRC/IRM and ideally ServiceNow ITSM modules
Practical experience applying governance, risk, and compliance (GRC) principles
Familiarity with governance tools such as the Unified Control Framework (UCF) and SIG
Strong collaboration, interpersonal, and communication skills, with the ability to work effectively across technical and non technical stakeholders
Understanding of project management principles and the Software Development Lifecycle (SDLC)
Strong written and verbal communication skills with a focus on clarity, quality, and professionalism
Demonstrated commitment to continuous improvement and process optimization
Additional Qualifications (Good to Have)
Relevant cybersecurity or IT certifications (e.g., Security+, CISA, NIST CSF, PMP, CGRC, CISSP or CISM)
Experience partnering with Risk, Compliance, Legal, and Internal Audit teams
Familiarity with regulatory and assurance frameworks such as HIPAA, Sarbanes Oxley (SOX), NY DFS, SOC 1, and SOC 2
Diversity creates a healthier atmosphere: MKS2 Technologies is proud to be an Equal Employment Opportunity / Affirmative Action employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, protected veteran status, disability status, sexual orientation, gender identity or expression, marital status, genetic information, or any other characteristic protected by law.