Security Compliance Analyst - U.S. Citizenship Required

CGI, Fairfax, VA
$79,600 - $194,000, Hybrid

About The Position

CGI is one of the top five largest global IT companies, operating across 40 countries and offering endless opportunities to grow and advance. As a CGI Federal member, you have the opportunity to become a shareholder and join a family of 90,000 partners strong. CGI Federal is hiring a Security Compliance Analyst to support a skilled and motivated team of ISSOs on a high‑visibility program. You will support a dynamic, fast‑paced project focused on improving the cybersecurity posture of civilian government agencies through the implementation and enhancement of a cybersecurity platform and the delivery of integration services. You will also assist in developing additional cybersecurity offerings focused on next‑generation security solutions and technologies. The successful candidate is a motivated, self‑starting individual who works effectively in a dynamic environment. This is an excellent opportunity with room for growth both within the program and across CGI Federal. This position is located in one of CGI Federal's offices in Fairfax, VA or Lafayette, LA; however, a hybrid working model is acceptable. You will be required to work in a CGI Federal office two days per week.

Requirements

  • Due to the nature of the government contract and clearance requirements, U.S. citizenship is required, as well as successful completion of a CGI background check before beginning work.
  • In addition, candidates must be able to obtain and maintain a DHS CISA EOD/Public Trust clearance
  • Bachelor's degree and up to five years of experience supporting cybersecurity teams for enterprise cybersecurity shared services programs or cloud programs
  • Experience with continuous monitoring for moderate- and high‑impact systems
  • Working knowledge of the following NIST Special Publications 800‑series (listed in priority): 800‑37 (Risk Management Framework); 800‑53 (Security & Privacy Controls); 800‑18 (System Security Plans); 800‑30 (Risk Assessment); 800‑137 (Continuous Monitoring)
  • Knowledge of Federal Information Processing Standards (FIPS), especially FIPS 199 (Security Categorization)
  • If no NIST experience, working knowledge of the DoD Information Technology Security Certification and Accreditation Process (DITSCAP) or DoD Information Assurance policy 8500.1 and the RMF
  • If no NIST or DITSCAP experience, working knowledge of NSA Information Assurance processes
  • Understanding of IT security principles, concepts, policies, and regulations
  • Ability to effectively document security controls
  • Proficiency with Microsoft Word, Excel, and Microsoft Project

Nice To Haves

  • Prior experience supporting an ISSO or security compliance team
  • Experience with continuous monitoring and cATO activities
  • Familiarity with security tools such as vulnerability scanners, SIEM platforms, or configuration management solutions
  • Exposure to cloud environments (AWS, Azure, or GCP) and related security requirements
  • Understanding of FedRAMP, FISMA, or agency‑specific compliance frameworks
  • Technical background supporting interpretation of control implementations or system architecture
  • Experience with CISA’s Continuous Diagnostics and Mitigation (CDM) program

Responsibilities

  • Support ISSO team activities related to continuous monitoring and ongoing security compliance
  • Conduct security control assessments in alignment with NIST RMF (SP 800‑53, 800‑37) and federal security requirements
  • Support the development and execution of security impact assessments to evaluate system changes and their effect on system risk posture
  • Assist with maintaining and updating system security documentation, including SSPs, POA&Ms, and security control evidence
  • Perform routine security reviews, vulnerability tracking, and control assessments
  • Help evaluate system categorization and control selection in alignment with FIPS 199 and NIST RMF guidelines
  • Coordinate with technical teams to gather security evidence and ensure continuous monitoring requirements are met
  • Track and report on security risks, remediation progress, and compliance status
  • Support preparation for audits, assessments, and internal security reviews
  • Participate in the system lifecycle process by integrating NIST 800‑37 Risk Management Framework (RMF) activities into appropriate phases
  • Conduct risk and vulnerability assessments related to system architecture changes

Benefits

  • Competitive compensation
  • Comprehensive insurance options
  • Matching contributions through the 401(k) plan and the share purchase plan
  • Paid time off for vacation, holidays and sick time
  • Paid parental leave
  • Learning opportunities and tuition assistance
  • Wellness and well-being programs