Enterprise Cybersecurity Federal Compliance ISSO

Booz Allen Hamilton, McLean, VA
Remote

About The Position

Enterprise Cybersecurity (ECS) Governance, Risk and Compliance (GRC) plays a pivotal role in safeguarding the organization's sensitive information and ensuring compliance with stringent cybersecurity regulation and guidance. The GRC team is responsible for assessing and managing compliance and regulatory requirements in partnership with key stakeholders. ECS is seeking a definitive Subject Matter Expert in Cybersecurity Maturity Model Certification (CMMC) Levels 2 and 3 and National Institute of Standards and Technology (NIST) frameworks to lead compliance architecture and assessment within our Extended Enterprise Environment (EEE). Reporting through GRC leadership to the Chief Information Security Officer (CISO), this executive-level contributor will audit controls and actively engineer compliance. This role is responsible for reviewing and assessing technical and environmental details and providing a hands-on approach to ensure that security compliance and regulatory requirements are achieved. This role collaborates with cross-functional teams across the Booz Allen enterprise and client teams. Due to the nature of work performed within this facility, U.S. citizenship is required.

Requirements

  • 10+ years of experience in cybersecurity or GRC
  • Experience in cybersecurity roles such as Security Control Assessor (SCA), Validator, Information System Security Officer (ISSO), Information System Security Engineer (ISSE), or Information Systems Security Manager (ISSM)
  • Experience with security controls alignment and assessment against CMMC, National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, NIST SP 800-171 rev. 2 and rev. 3, Risk Management Framework (RMF), Federal Information Processing Standards (FIPS) 199, FIPS 200 and associated SPs, and Federal Risk and Authorization Management Program (FedRAMP)
  • Experience translating CMMC Level 3, NIST SP 800-171, and NIST SP 800-172 requirements into actionable engineering directives
  • Experience leading the validation of evidence requirements for Level 2 and Level 3 assessments
  • Experience meticulously analyzing environment records, identifying compliance gaps in complex systems, and driving remediation
  • Experience managing the full risk lifecycle, from identification to implementation of risk reducing strategies and final closure, using both qualitative and quantitative frameworks
  • Experience performing in-depth continuous monitoring and assessment of cybersecurity controls, evidence, and scan results to evaluate effectiveness and ensure continuous compliance
  • Experience partnering with IT, operations, and delivery teams to provide expert guidance, drive GRC initiatives, and foster a culture of awareness and knowledge for security compliance
  • Experience leveraging GRC automation platforms, such as eMASS, ServiceNow, RSA Archer, CSAM, or Telos Xacta
  • Ability to develop, maintain, and communicate metrics and reports regarding compliance and vulnerability management
  • HS diploma or GED
  • U.S. citizenship is required

Nice To Haves

  • Ability to work independently and manage resources effectively to drive successful outcomes
  • Ability to negotiate, influence stakeholders, and drive issues to closure
  • Ability to engage senior and executive leadership
  • Ability to assess complex issues, draw logical conclusions, and make sound decisions
  • Possession of excellent communication and collaboration skills
  • Possession of excellent analytical thinking and problem-solving skills
  • Bachelor’s degree
  • GIAC, ISC2, ISACA, CMMC Certified, or PMI certification

Responsibilities

  • Audit controls and actively engineer compliance.
  • Review and assess technical and environmental details and provide a hands-on approach to ensure that security compliance and regulatory requirements are achieved.
  • Collaborate with cross-functional teams across the Booz Allen enterprise and client teams.
  • Translate CMMC Level 3, NIST SP 800-171, and NIST SP 800-172 requirements into actionable engineering directives.
  • Lead the validation of evidence requirements for Level 2 and Level 3 assessments.
  • Meticulously analyze environment records, identify compliance gaps in complex systems, and drive remediation.
  • Manage the full risk lifecycle, from identification to implementation of risk reducing strategies and final closure, using both qualitative and quantitative frameworks.
  • Perform in-depth continuous monitoring and assessment of cybersecurity controls, evidence, and scan results to evaluate effectiveness and ensure continuous compliance.
  • Partner with IT, operations, and delivery teams to provide expert guidance, drive GRC initiatives, and foster a culture of awareness and knowledge for security compliance.

Benefits

  • health, life, disability, financial, and retirement benefits
  • paid leave
  • professional development
  • tuition assistance
  • work-life programs
  • dependent care
  • recognition awards program