Cybersecurity Jobs by Framework

Browse cybersecurity roles by the regulatory framework they require or mention. Useful when you have certification or hands-on experience with a specific standard.

Global

ISO 27001

Information security management

ISO/IEC 27001 is the international standard for information security management systems (ISMS). Certification

United States

SOC 2

Service-organization controls

SOC 2 reports on Trust Service Criteria (security, availability, processing integrity, confidentiality, privac

HIPAA

Healthcare privacy & security

HIPAA governs protected health information (PHI) in the US. Updated Security Rule expectations and OCR enforce

European Union

DORA

Financial services operational resilience

The Digital Operational Resilience Act applies to EU financial entities and their critical ICT third parties.

NIS2

Critical infrastructure cybersecurity

The NIS2 Directive expanded the scope of EU cybersecurity rules to thousands more "essential" and "important"

GDPR

Data protection & privacy

The General Data Protection Regulation is the EU privacy regime in force since 2018. DPO appointments, data-su

Global (payment industry)

PCI-DSS

Payment-card data security

PCI-DSS applies to any organization that stores, processes, or transmits cardholder data. Version 4.0 mandates

California, US

CCPA / CPRA

Data protection & privacy

CCPA (and its CPRA expansion) is the California consumer privacy regime. State privacy laws now adopted in 20+

United States (de facto global)

NIST CSF

Cybersecurity framework

NIST Cybersecurity Framework (now 2.0) is widely adopted as the reference framework for cybersecurity programs

United States Federal

FedRAMP

Cloud authorization

FedRAMP is the US federal government cloud-authorization program. Roles cluster around CSPs serving federal cu

United States DoD supply chain

CMMC

Defense cybersecurity certification

CMMC (Cybersecurity Maturity Model Certification) applies to the US Defense Industrial Base. Drives compliance

North America (electric utilities)

NERC CIP

Critical infrastructure cybersecurity

NERC CIP is the cybersecurity standard for the bulk electric system in North America. Concentrated, specialty

Stay ahead of the curve. Get new infosec jobs in your inbox: