Security/Compliance Manager #1689024

About The Position

Requirements

• U.S Citizenship required.
• Must be able to obtain and maintain a Public Trust clearance
• This position is remote but may require occasional onsite meetings in McLean, VA.
• You can be based out of following states: AZ, DC, FL, GA, OH, ME, MD, SC, TX, UT, VA, NC, OK, WV.
• Bachelor's Degree in Cybersecurity, Information Technology, Information Assurance, or a related field.
• At least 7 years of experience in security compliance, RMF, or federal cybersecurity roles.
• Strong experience with RMF control implementation and assessment.
• Experience managing ACAS vulnerability scanning and reporting.
• Experience with SCAP compliance checks and STIG application.
• Hands-on experience with eMASS documentation and POA&M management.
• Experience overseeing HBSS/ESS host security monitoring.
• Experience reviewing Nessus/Tenable plugin results and coordinating remediation.
• Experience supporting continuous monitoring aligned with FISMA and ATO requirements.
• Experience managing audit log retention and review across Oracle DB, Oracle WebLogic, and Kubernetes platforms.
• Experience enforcing privilege and access control alignment with VA baseline standards.
• Strong organizational, analytical, and communication skills.
• Ability to lead cross-functional teams and manage multiple compliance priorities.

Nice To Haves

• Experience supporting VA systems or other federal agency environments.
• Experience managing security compliance across large, multi-team delivery programs.
• Relevant certifications such as CISSP, CISM, or equivalent federal cybersecurity certifications

Responsibilities

• Oversee implementation and maintenance of security controls across VESEE systems and environments.
• Ensure alignment of security practices with VA cybersecurity, privacy, and regulatory requirements.
• Lead RMF control implementation, assessment coordination, and ongoing control effectiveness monitoring.
• Oversee SCAP compliance checks and STIG application activities.
• Coordinate ACAS vulnerability scanning, reporting, and remediation tracking.
• Manage continuous monitoring workflows aligned with FISMA and VA ATO sustainment requirements.
• Ensure security posture is maintained through regular assessments, scans, and evidence collection.
• Oversee eMASS control package documentation, updates, and submissions.
• Manage POA&M development, tracking, and remediation coordination.
• Review ACAS and Nessus/Tenable scan outputs.
• Coordinate remediation activities across technical teams and track resolution status.
• Ensure vulnerabilities are prioritized and addressed in accordance with VA policies.
• Oversee host-based security monitoring using HBSS/ESS.
• Ensure audit log retention and review requirements are met across Oracle DB, Oracle WebLogic, and Kubernetes container platforms.
• Ensure privilege and access controls align with VA baseline standards.
• Oversee review and validation of role assignments and access enforcement.
• Prepare and review security and compliance reports for VA stakeholders.
• Ensure accurate evidence collection to support audits, assessments, and ATO sustainment.
• Provide guidance and direction to delivery teams on security and compliance expectations.
• Serve as the primary point of coordination between engineering teams, compliance staff, and VA security stakeholders.

Benefits

• comprehensive health, dental, vision, pet, and legal insurance
• 401(k) retirement matching
• paid leave
• paid holidays
• health and wellness programs
• employer-paid life and disability insurance
• professional development
• education benefits