Cyber Compliance Officer

PMAT, San Diego, CA
Posted 1 day ago · $170,000 - $195,000 · Onsite

About The Position

The Cyber Compliance Officer is responsible for establishing, implementing, and maintaining the cybersecurity program for assigned information systems. You will ensure compliance with DoD, DON, and NIST requirements, manage risk, and serve as the senior cybersecurity authority responsible for corporate compliance oversight and project-level cybersecurity compliance as required.

Requirements

  • 7–10+ years in cybersecurity or IT security with increasing responsibility.
  • Experience leading RMF packages through ATO for DOD systems.
  • Demonstrated experience supporting CMMC, NIST SP 800-171, FISMA, and related federal cybersecurity compliance frameworks.
  • Experience managing IATO/ATO and IATT/ATT processes.
  • Experience conducting cybersecurity audits and maintaining compliance documentation.
  • Demonstrated ability to manage teams and coordinate across engineering, operations, and leadership in fast-paced environments.
  • Experience with classified systems: SIPR, JWICS/CWAN, SCI enclaves or equivalent secure environments.
  • Executive communication and risk translation for non-technical leaders.
  • Ability to build a culture of compliance without slowing operations.
  • Strong documentation discipline and attention to detail, including development and maintenance of annual cybersecurity training, workforce compliance reports, and associated policies and procedures.
  • Stakeholder management across engineering, operations, and mission owners.
  • Strategic thinking: aligning cybersecurity with mission outcomes.
  • Cybersecurity frameworks and policy, including System Security Plan (SSP), Security Assessment Plan (SAP) and Report (SAR), POA&M management, Continuous Monitoring Strategy, Configuration Management Plan, and Incident Response Plans.
  • Knowledge of NIST RMF (SP 800-37), NIST SP 800-53 security controls, NIST SP 800-171 (CUI), DoD 8500-series (e.g., DoDI 8500.01, DoDI 8510.01), DON CIO cybersecurity policy, CNSSI 1253, CNSSI 1254, and FedRAMP.
  • Bachelor’s or Master’s degree in a STEM-related field (e.g., Computer Science, Information Systems, Engineering, Cybersecurity, or related discipline).
  • IAM Level III certification (typical ISSM requirement), i.e., CISSP (most common), CISM, GSLC, or CCISO (less common but accepted), required at time of hire or within 12 months of hire.
  • U.S. citizenship required.
  • No dual citizenship.
  • Active DoD TS clearance required.
  • Active TS/SCI preferred.

Responsibilities

  • Lead the Risk Management Framework (RMF) lifecycle for assigned systems.
  • Maintain the System Security Plan (SSP) and all RMF artifacts.
  • Ensure continuous monitoring, POA&M management, and annual reviews.
  • Coordinate with AO, SCA, ISSO, and system owners.
  • Lead corporate cybersecurity compliance initiatives including CMMC (32 CFR Part 170), NIST SP 800-171, FISMA, CSIP, and related regulatory frameworks.
  • Support project-level compliance activities as needed, including RMF documentation and validation efforts.
  • Manage IATO/ATO and IATT/ATT processes and documentation.
  • Conduct internal auditing and readiness assessments to ensure compliance posture.
  • Ensure timely documentation updates across all security artifacts and compliance records.
  • Develop and enforce cybersecurity policies and procedures.
  • Oversee ISSOs and ensure proper execution of security tasks.
  • Manage cybersecurity workforce qualifications (DoD 8140/8570).
  • Conduct internal audits and readiness assessments.
  • Lead incident response planning and ensure preparedness across corporate and project environments.
  • Validate system configurations against STIGs and security baselines.
  • Ensure vulnerability scanning, patching, and remediation.
  • Oversee secure system design, integration, and change management.
  • Approve or deny system changes from a cybersecurity perspective.
  • Identify, document, and communicate cybersecurity risks.
  • Recommend mitigations and risk acceptance strategies.
  • Prepare risk briefings for leadership and the Authorizing Official.
  • Coordinate with the Cybersecurity Service Provider (CSSP).
  • Ensure proper detection, reporting, and remediation of incidents.
  • Maintain incident logs and after-action documentation.
  • Develop and maintain formal incident response plans and tabletop exercises.
© 2024 Teal Labs, Inc