Alternate Information Security Compliance Manager

About The Position

Requirements

• HS/ GED
• Five years of relevant cybersecurity experience, including compliance assessment and planning through the STIG and POA&M process.
• Two years working with the RMF, DAAG, NISPOM, JSIG or other equivalent security frameworks.
• Ability to assess security posture by identifying and mitigating vulnerabilities.
• Hold a current Security+ or IAM/IAT II equivalent level certification or will have completed upon start date.
• Strong multitasking skills with attention to detail.
• Relevant education and experience may be substituted as appropriate.
• US Citizen.
• Applicant selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information at the level appropriate to the project requirements of the position.
• Employment is contingent on selected applicant submitting application for access and receiving notification of eligibility within a time period specified in the job offer.
• Employment must begin within 30 days of confirmation of eligibility.
• Eligibility for access to classified information must continue without interruption during employment.

Nice To Haves

• Bachelor's Degree in Computer Science, Cyber Security, or related field.
• Experience as an Auditor, ISSO, ISSE, Security Architect, or Information Security Analyst.
• Held cybersecurity positions in classified DoD environments for 5+ years.
• More than five years working with Linux environments.
• Experience with vulnerability/compliance scanning tools (ACAS/Nessus, Retina, MBSA, SCAP etc.)
• Experience with the implementation of STIG/SRG compliance configurations.
• Eligibility for immediate access to classified information at the level appropriate to the project requirements of the position.

Responsibilities

• Ensuring classified systems follow government and ARL regulations while meeting program demands and operating in an accredited state.
• Assisting in day-to-day IT governance, risk management, and compliance functions.
• Ensuring that classified information systems meet the Risk Management Framework requirements for National Security computing environments as defined by NIST 800-Series, DAAG, JSIG, and other governing bodies.
• Conducting continuous monitoring reviews and self-assessments of classified information systems and their applicable security controls to ensure both government and ARL policy compliance.
• Providing oversight of compliance assurance for the daily administration of information security measures in compliance with NISPOM, DAAG, JSIG, DISA, and other relevant system security requirements, including those under the Risk Management Framework (RMF).
• Assisting in updating and maintaining system level Plan of Action and Milestones (POA&M) through compliance checks, STIG and SCAP reviews, and Nessus Scanning.
• Drafting detailed reports of compliance and self-inspection outcomes for upper management review.
• Managing and maintaining a compliance database, including updating control policy descriptions and control compliance status.
• Supervising a small team of Information Security Compliance Analysts.
• Other related functions as assigned.

Benefits

• 100% employer-paid basic medical coverage
• Retirement contributions
• Paid vacation and sick time
• Paid holidays