Compliance Specialist / Cloud ISSO

About The Position

Requirements

• 5+ years’ experience as a Cloud Information Security Officer or similar role, with a strong background in cloud security and infrastructure.
• Deep understanding of cloud platforms, such as AWS, Azure, and Google Cloud, and experience in implementing federal security controls within these environments.
• Knowledge of regulatory requirements and industry standards related to cloud security.
• Strong analytical and problem-solving skills, with the ability to assess and address security risks effectively.
• Excellent communication skills to interact with technical and non-technical stakeholders.
• Ability to work independently and collaboratively in a fast-paced, evolving environment.
• Understanding of cloud and cloud security concepts
• Experience with FedRAMP authorizations
• Experience with Enterprise Architecture
• Understanding of Cloud architectures and environments and control selection available to be inherited from a parent/child system relationships.
• Understanding of Cloud provided architectures and tools within the (AWS, Azure, AWS, and IBM framework).
• Understanding of FISMA requirements
• Understanding of the NIST Risk Management Framework
• Familiarity with the NIST security control catalog
• Experience supporting Federal Government High to Moderate Systems
• Understanding of the NIST Cybersecurity Framework
• Ability to provide technical expertise to assist Stakeholders to implement security enterprise tools required by the agency and parent agencies
• Must be organized, timely, and customer-service oriented
• Proficient in time management
• Ability to work well independently and in a team setting
• Adaptability, flexibility and ability to deal with ambiguity and change
• Excellent oral and written communication and customer service skills
• Excellent analytical skills and attention to detail

Responsibilities

• Assist in implementing the FISMA Compliance program including managing systems security authorizations for all of the agency’s cloud IT systems serving as the Information Systems Security Officer (ISSO).
• Develop and implement comprehensive cloud security strategies, policies, and procedures to protect the organization’s cloud-based information systems.
• Collaborate with cross-functional teams to assess security requirements, design security controls, and ensure secure cloud infrastructure deployment.
• Monitor and analyze cloud security incidents, vulnerabilities, and respond promptly to mitigate risks.
• Conduct and participate in regular security assessments of cloud environments to identify potential weaknesses and recommend improvements to stakeholders.
• Stay up-to-date with the latest industry trends, emerging threats, and best practices in cloud security to continuously enhance the organization’s security posture.
• Collaborate with stakeholders to ensure compliance with current regulations and standards (e.g., FISMA, NIST, FedRAMP).
• Provide expert guidance on security architecture and design for cloud-based applications.
• Evaluate and provide technical recommendations on approaches and techniques to the Cloud implementation teams.
• Assist customers with information on emerging cloud and innovative technologies on how they can be adopted within the framework of a cloud topology.
• Support the development of a security focused cloud architectural strategy and framework that maps cloud service offerings and provides critical technical feedback and recommendations on areas of improvements for child systems to inherit.
• Support Cloud Provisioning, Orchestration, and FISMA compliance for the different cloud services; Azure, AWS, and IBM.
• Hands-on cloud based cyber security monitoring tools experience, conduct and evaluate/analyze vulnerability results from the following set of tools to include but not limited to Tenable.sc, Nessus, BigFix, Arcsight, and WebInspect.
• Ability to manage and identify vulnerabilities, risks, and recommend needed protection as it relates to information systems.
• Oversees and support all Assessment & Authorization (A&A) activities to include reviewing team work products/deliverables for consistency and completeness
• Ensure IT systems have appropriate baseline security controls in place and functioning properly in accordance with NIST 800-53A publication.
• Ability to provide IT security guidance and recommendation in all aspects of security.
• Ability to evaluate compliance of various information system core documents such as the SSP, BIA, CP, CPTR, PTA/PIA, FIPS 199/200 and other relevant security documents (Network Diagrams).
• Maintain mechanisms to manage and track corrective actions activities (POA&Ms) through development of artifacts and security documentation and ensure timely closure of Plan of Action and Milestones (POA&Ms).
• Respond to IT security requests for information, data calls, & metrics.
• Participate in formal and in-formal management planning meetings; constantly briefing both technical and non-technical stakeholder of system security statuses.
• Ability to Identify, Report, and Resolve security violations.
• Recommend technical solutions and provide input to policy development
• Support working groups on specific projects

Benefits

• PTO including paid parental, military, and bereavement leave
• Eleven (11) paid Federal holidays, five of which are floating holidays (as designated by the company’s holiday schedule each year)
• Health and Dental Insurance (including 100% employer paid premiums for employee coverage under the HDHP health plan)
• Life Insurance, STD/LTD term disability coverage, with employer paid premiums
• 401 (k) plan with a match that is 100% vested after you complete two years of service
• FSA/DFSA/HSA flexible benefit plans
• Annual Tuition & Professional Development Reimbursement benefit