Sr. Cybersecurity Compliance Analyst

About The Position

Requirements

• Bachelor’s Degree in Information Security or in a security related field or equivalent experience that provides the necessary knowledge, skill and abilities.
• 10+ years of experience implementing cybersecurity policy and security controls for enterprise information technology systems.
• Have a strong working knowledge of NIST SP 800-171 or 800-53, and the ability to support risk-based decisions to ensure compliance across the enterprise.
• Have working knowledge of CMMC and/or possess a CyberAB CMMC-related credential, such as CMMC Certified Professional (CCP) or CMMC Certified Assessor (CCA).
• Have a current industry cybersecurity certification (e.g., CISSP, Security+, etc.).
• Experience serving as a SME in compliance, providing mentorship on regulatory requirements, ensuring policy adherence, and supporting audits, assessments, and risk mitigation initiatives.
• Demonstrate ambition to further current knowledge and understanding by exploring new concepts and applying to cyber security.
• Hold an active Secret security clearance. If selected, you will be subject to a government security clearance investigation and must meet the requirements for access to classified information. Eligibility requirements include U.S. citizenship.

Nice To Haves

• Possess a Master’s Degree in Information Security or in a security related field or equivalent experience that provides the necessary knowledge, skill and abilities.
• Understand and have general familiarity with the following regulatory standards: Have working knowledge of Federal Information Security Management Act (FISMA);
• Federal Risk and Authorization Management Program (FedRAMP);
• DISA’s Cloud Computing Security Requirements Guide (CC SRG);
• Health Insurance Portability and Accountability Act (HIPAA), and;
• Personal Health Information/Personally Identifiable Information (PHI/PII).
• Demonstrate the ability to lead and manage complex projects, including planning, execution, resource coordination, risk mitigation, and timely delivery across multi-functional teams.
• Possess working knowledge of GRC tools used to manage risk assessments, track compliance activities, and generate reports that support governance and regulatory obligations.

Responsibilities

• Work in the Information Technology Service Department (ITSD) and serve as an unclassified compliance Subject Matter Expert (SME) for the Laboratory, its Mission Areas, Sectors and Departments.
• Your primary responsibilities are aligned to supporting compliance with the Cybersecurity Maturity Model Certification (CMMC) Program, NIST SP800-171 and SP800-172, as well as other compliance regulations applicable to unclassified information and systems.
• Assist the Compliance Program and InfoSec Compliance supervisor by contributing to the development, implementation and regularly updating applicable security policies, procedures, and controls to meet CMMC and NIST SP800-171 and SP800-172 requirements while balancing against Mission needs in a research and development environment.
• Conduct assessments of systems and components against regulatory requirements, as well as processes, policies and procedures to identify compliance gaps and risks.
• Support Sector/Department specific information system compliance activities such as applicable audit reviews, serving as a member of the change control board representing the compliance program, etc.
• Prepare and maintain System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), supporting artifacts, and other compliance-related documentation.
• Assist the Compliance Program and InfoSec Compliance supervisor in disseminating guidance and providing support to system owners and other stakeholders on compliance requirements, and contribute to employee security awareness training programs.
• Help manage and support both internal and external audits and assessments related to CMMC, NIST SP800-171, Privacy & Health Controls, and other cybersecurity and compliance-related activities.

Benefits

• Our employees enjoy generous benefits, including a robust education assistance program, unparalleled retirement contributions, and a healthy work/life balance.