IT Security Compliance Specialist (0036)
About The Position
IT Security Compliance Specialist (0036) OCT Consulting is a business management and technology consulting firm that provides support to Federal Government clients. We provide consulting services in the areas of Strategy, Process Improvement, Change Management, Program and Project Management, Acquisition/Procurement, and Information Technology. OCT is currently looking for an IT Security Compliance Specialist . This is a hybrid position requiring at least 3 days per week onsite in Suitland, MD. The ideal candidate will be proficient in key areas of security such as: Vulnerability Management, Intrusion Prevention and Detection, Access Control and Authorization, Policy Enforcement, Application Security, Protocol Analysis, Firewall Management, Incident Response, Data Loss Prevention (DLP), Encryption, Two-Factor Authentication, Web filtering, and Advanced Threat Protection.
Requirements
- 7+ years experience with A&A support.
- Proficient in all steps in the NIST RMF framework
- Knowledgeable in NIST special publications such as 800-53 & 800-53A
- Bachelor's degree or equivalent experience.
- Must have at least one of the following certifications: CAP, GIAC, GSLC, CISM, CRISC, CISSP, or CASP
- Must be a US Citizen.
- Must be able to obtain and maintain a Public Trust Clearance (the investigation will involve a credit, fingerprint, and law enforcement agency check).
Responsibilities
- Analyze management and technical controls to ensure that specific security and compliance requirements are met through the verification of documented processes, procedures, and standards in order to validate the maintenance of secure configurations.
- Map requirements and regulatory requirements across the Risk Management Framework (RMF) information security framework to identify overlapping requirements and compliance efficiencies.
- Track enterprise compliance across multiple security frameworks including Service Organization Control Type 2 (SOC 2), National Institute of Standards and Technology (NIST), and Federal Information Security Management Act (FISMA) and maintain up-to-date records of requirements and corresponding mitigating controls.
- Monitor third-party risk assessments and assist in performing internal risk assessments.
- Collaborate on critical IT projects to ensure that security policy/risk issues are addressed throughout the project life cycle.
- Monitor change management process to ensure compliance.
- Develop key performance metrics to track and ensure compliance with established policies and standards.
- Support the development of security processes and procedures and support service-level agreements to ensure that security controls are managed and maintained.
- Participate in the development of security and privacy awareness training in conjunction with other members of the Security Compliance group.
Benefits
- Medical, Dental, and Vision insurance
- Retirement savings 401K plan provided by an industry-leading provider with 3% employer contributions.
- Paid Time Off
- Life Insurance, Short- and Long-Term Disability benefits
- Training Benefits
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Number of Employees
101-250 employees
