Cybersecurity Governance & Compliance Lead (PL)

About The Position

Requirements

• Active Secret Clearance and Bachelor’s degree in Information Technology, Cybersecurity, or a related field.
• Active DoD 8570 IAT Level II certification or greater, including at least one of the following certifications in good standing: CCNA Security, CySA+, GICSP, GSEC, Security+ CE, CND, SSCP, CASP+CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH, or CCSP.
• 8+ years of relevant IT or Cybersecurity experience, including 4+ years of hands-on expertise managing the Assured Compliance Assessment Solution (ACAS) suite throughout its lifecycle.
• DISA ACAS certified.
• Strong knowledge of Linux and Windows operating systems, with proficiency in scripting languages like Bash and Python.
• Experience in vulnerability management, including interpreting and remediating ACAS scan results.

Nice To Haves

• Deep understanding of Information Technology (IT) systems configuration within the Department of Defense (DoD) and extensive hands-on experience with ACAS tools.
• Familiarity with tools such as ESS, Microsoft Defender, Splunk, Tanium and Burp Suite capabilities.

Responsibilities

• Act as the primary point of contact for the design, development, and implementation strategy for the Assured Compliance Assessment Solution (ACAS) in support of meeting security objectives for cloud infrastructure and enterprise networks environments.
• Provide cross-functional collaboration amongst cybersecurity service support teams for routine and event-oriented activities.
• Lead configuration and optimization of ACAS policies, writing scripts (Bash, Python), and performing root cause analysis to resolve issues.
• Manage vulnerability policies, custom alerts, scan policies, and ticketing workflows.
• Cross-reference weekly IAVM compliance reports with ACAS scan results to identify and remediate vulnerabilities.
• Support cybersecurity reviews and audits to ensure systems meet DoD 8140 and 8570 compliance standards.
• Lead and support ISSO activity task to ensure proper documentation for Authority to Operate (ATO) and Continuous Monitoring are maintained and updated.
• Lead cross-functional activities to assess operational impact of enterprise systems as identified in U.S. Cyber Command and Joint Force Headquarters directives.
• Lead and manage teams in the generation and maintenance of cybersecurity RMF artifacts such as System Security Plans, POA&M, and security CONOPS.
• Regularly review and update vulnerability management processes and procedures based on lessons learned from routine and event-oriented incidents.

Benefits

• Comprehensive plans for medical, dental, vision, life insurance, and short-term/long-term disability.
• Inclusive policies for bereavement, military obligations, and parental needs, along with 11 paid holidays annually.
• A 401(k) plan with a generous company match and immediate vesting.
• Employee referral bonuses.
• Professional development program including funding for degrees and certifications.