The GRC world is about to change. AEGIS is a next-generation intelligence platform engineered from the ground up for government — purpose-built to transform how agencies govern risk, demonstrate compliance, and defend their attack surface in an era where threats evolve faster than frameworks.
Thirty years of institutional GRC knowledge, distilled into a platform that thinks, adapts, and acts — giving security leaders the clarity, confidence, and command they’ve never had before. AEGIS doesn’t just report your posture. It shapes it.
“As we continue to witness AI’s exponential evolution in today’s world, AEGIS is exactly what every single agency and institution needs… it’s going to be a game changer!”
Deepak Matneja
Founder & CEO, Global Technology Services (GTS911)
For the first time, government security leaders will have a single intelligence layer connecting external threat exposure to internal compliance posture — in real time, with no manual effort.
Capability 01
Continuous Attack Surface Intelligence
AEGIS watches the perimeter agencies don’t know they have — mapping exposure across digital assets, cloud infrastructure, and supply chain touch points continuously, not quarterly.
Capability 02
AI-Driven Compliance Mapping
Every discovered risk is automatically mapped to governing frameworks — NIST 800-53, CJIS, IRS 1075, FedRAMP — so auditors see evidence, not spreadsheets.
Capability 03
Executive Decision Intelligence
AEGIS translates technical risk into executive language — giving CISOs, CIOs, and agency directors the situational awareness to make risk decisions with confidence, not guesswork.
Capability 04
Zero-Friction Audit Readiness
The days of scrambling before an IRS or CJIS audit are over. AEGIS maintains a living body of evidence — continuously updated, audit-formatted, and ready on demand.
Capability 05
Government-Native Architecture
Built for the public sector from day one — not retrofitted from commercial tooling. AEGIS understands compliance mandates, procurement realities, and mission context unique to government.
Capability 06
Proprietary GRC Intelligence Engine
Thirty years of GRC institutional knowledge, encoded. AEGIS surfaces insights no analyst team could produce at scale — before the risk becomes a finding.
GTS911 is growing. We hire seasoned GRC professionals who want to do the most meaningful work of their careers — protecting the agencies and institutions that protect the public.
All OpeningsGRCCybersecurityComplianceFederalRemote
Priority Hiring — Immediate Need
We are actively hiring an Information Security Officer.
GTS911’s most critical open role. Serve as the designated security liaison embedded within a state agency, owning the full information security program — from risk assessments and audit readiness to incident response and executive reporting. High-visibility, high-impact role for a security professional who thrives at the intersection of governance, risk, and operational execution.
Lead multi-framework GRC programs for government clients. Own deliverables, drive stakeholder alignment, and translate regulatory complexity into operational action.
Remote — United States · $95,000 – $130,000 / year · Posted May 15, 2026
▲ PriorityNewRemote
Compensation
$95,000 – $130,000
Reports To
Security Assurance Director
Location
Remote — US
Start Date
Immediate — ASAP
About This Role
The Information Security Officer (ISO) serves as the designated security liaison embedded within a state agency or institution, responsible for implementing and monitoring a comprehensive information security program aligned to statewide policies and federal mandates.
As the primary coordination point between the agency and the State Information Security Office, the ISO ensures leadership, staff, and stakeholders meet statutory, regulatory, and policy obligations — while driving a culture of security accountability from the inside out. High-visibility, high-impact role for a security professional who thrives at the intersection of governance, risk, and operational execution.
Key Responsibilities
Own the agency security program roadmap and annual plan, developing policies aligned to statewide directives and federal mandates (IRS 1075, CJIS, HIPAA, SSA)
Conduct and coordinate agency-level risk assessments, maintain risk registers, and report exceptions and mitigation plans to agency leadership
Serve as primary contact for cybersecurity incidents — coordinating investigation, containment, remediation, and after-action reviews with the State Information Security Office
Manage evidence collection, control mappings, system security documentation, and data classification inventories to support audits and compliance attestations
Enforce least privilege and strong authentication practices; support periodic access reviews and IAM governance
Champion security awareness through statewide training and agency-level initiatives
Represent the agency in statewide ISO councils, working groups, and collaborative security forums
Provide regular security status reports to agency executives and the State Information Security Office
Required Qualifications
Bachelor’s degree in cybersecurity, IT, business administration, or equivalent experience
Minimum 3 years in information security, IT risk, audit, compliance, or security operations
Working knowledge of NIST CSF, NIST SP 800 series, IRS 1075, CJIS, HIPAA, and related frameworks
Experience conducting security assessments, audits, or compliance reviews in government or regulated environments
Strong written and verbal communication skills — comfortable presenting to executive audiences
Preferred Qualifications
Master’s degree in cybersecurity, information assurance, or public administration
Active certification: CISSP, CISM, CISA, CRISC, or Security+
Prior experience in a multi-agency or shared-services government environment
Hands-on exposure to SIEM, EDR, vulnerability scanning, IAM/MFA, GRC tools, and ticketing systems (Jira, ServiceNow)
Why GTS911
Mission that matters — Your work directly protects public sector institutions and the citizens they serve
30+ years of institutional GRC expertise behind you — you are never working alone
Senior-led engagements — real mentorship and professional development from day one
Competitive compensation with performance bonuses and certification support budget
Remote-first with flexibility and autonomy to do your best work
Submit a resume and brief statement of interest to recruitment@gts911.com. Please include ISO — [Your Name] in the subject line. GTS911 is an equal opportunity employer committed to diversity in the security profession.
AI
AEGIS Recruit
Candidate Intelligence Engine — ISO Role
Live Session
✓
Intro
›
2
Experience
›
3
Frameworks
›
4
Scenarios
›
5
Fit
Upload Resume / CV
PDF, Word, or TXT — AI extracts your profile instantly. No manual entry.
AI
Welcome to GTS911’s AI-powered candidate screening for the Information Security Officer (ISO) role.
You can upload your resume above and I’ll extract your profile automatically — or just talk to me naturally. I’ll build your candidate profile in real time as we speak.
To get started: what’s your name, and how many years have you been working in information security or GRC?
Screening in progress — signals will appear as conversation develops
Governance · Risk · Compliance · Cybersecurity
Thirty Years ofGRC Authority.One Trusted Partner.
GTS911 is the GRC institution built for government and enterprise. We translate complex regulatory mandates into operational security programs — with a track record spanning three decades across federal, state, DoD, and private sector environments.
Not advisory fluff. Operational GRC programs built from the ground up — engineered for audit survivability, regulatory precision, and executive accountability.
01 — Governance
Security Governance & Policy Architecture
Comprehensive policy suites, governance frameworks, and committee structures designed to align security programs with organizational mission — and satisfy federal and state oversight requirements.
NIST 800-53NIST CSF 2.0ITEC 7000FISMA
02 — Risk
Enterprise Risk Assessment & Management
Structured risk identification, likelihood/impact analysis, and POA&M-driven remediation programs — aligned to RMF and producing the artifact packages federal and state auditors demand.
RMFNIST 800-30POA&MATO Lifecycle
03 — Compliance
Multi-Framework Compliance Programs
Simultaneous compliance across overlapping mandates — IRS Pub 1075, CJIS, HIPAA, FedRAMP, and StateRAMP — using a unified control mapping strategy that eliminates redundant assessment effort.
IRS 1075CJIS v6.0HIPAAFedRAMPStateRAMP
04 — Authorization
ATO & Cloud Authorization Services
End-to-end Authorization to Operate support — SSP development, boundary definition, control implementation testing, and coordination with 3PAOs — for cloud and on-premise systems.
FedRAMPGovRAMPStateRAMPCMMC 2.0
05 — Operations
Continuous Monitoring & ISSO-as-a-Service
Embedded security officers and automated continuous monitoring pipelines — Splunk, Tenable, CrowdStrike, Tanium — with executive dashboards and monthly compliance posture reporting.
ISCMCMaaSSplunkTenableCrowdStrike
06 — Assurance
Audit Readiness & Third-Party Assessment
IRS LPA/SCA readiness programs, CJIS triennial audit preparation, and independent control validation — producing evidence packages that turn audit cycles from crises into routine events.
IRS LPASCACJIS AuditSOC 2
Our Heritage
Three Decades of Institutional Trust
1990s
Private Sector Foundations
Early career building enterprise security and governance programs for Fortune 500 organizations — establishing the risk frameworks and policy discipline that define GTS911’s methodology today.
2000s
Federal Compliance Entry
Expanded into federal civilian and DoD environments, delivering FISMA compliance programs and RMF implementations as regulatory complexity accelerated post-9/11.
2010s
Whole-of-State Security
Built multi-agency security governance programs for state governments operating on shared platforms — pioneering the cross-agency GRC model now standard practice.
2020s
GRC Innovation at Scale
Integrating AI-powered attack surface management and automated compliance tooling into GRC programs — delivering the future of governance without abandoning proven methodology.
Certifications & Credentials
CISSPSecurity Leadership
CISMInformation Security Mgmt
CAP / CGRCRMF Authorization
CMMC-ABDoD Certified Assessor
PMPProgram Management
GSA ScheduleIT 70 Contract Vehicle
SAM.govFederal Registered Entity
Markets Served
Every Tier of Government & Enterprise
GTS911’s GRC practice spans the full public sector landscape — and the private organizations that serve it.
⚖
Federal Civilian Agencies
FISMA-compliant security programs, continuous monitoring, ATO lifecycle management, and executive reporting for OMB-reporting civilian departments.
Whole-of-state security governance for executive branch agencies — including IRS Pub 1075, CJIS, HIPAA, and StateRAMP compliance across shared Microsoft 365 environments.