Compliance Officer Sr.

4 weeks ago


Arlington, Virginia, United States Zermount, Inc Full time
Job Title: Compliance Officer Sr.

We are seeking a highly skilled Compliance Officer Sr. to join our team at Zermount, Inc. in Arlington, VA.

Job Summary:

The Compliance Officer Sr. will be responsible for performing complex risk analyses and ensuring systems and technologies satisfy Information Assurance (IA) and Cybersecurity requirements. This includes providing Plan of Actions and Milestones (POA&M) management, conducting FISMA Compliance meetings, and working with Information Systems Security Officers (ISSO), System Owners (SO), stakeholders, and leadership to meet performance and scorecard metrics.

Key Responsibilities:
  • Perform Compliance reviews and analyses to verify compliance with federal requirements.
  • Conduct daily, weekly, monthly compliance monitoring of assigned systems for all RMF steps.
  • Conduct compliance assessments of assigned systems, based on the Zermount approved Compliance Support Services Framework.
  • Execute day-to-day FISMA compliance monitoring, ensuring that all assigned FISMA activities, including Information Security Continuous Monitoring (ISCM), Continuous Diagnostic and Mitigation (CDM), and FISMA program activities, are prioritized correctly, completed on schedule, and in accordance with Agency and organization policies.
  • Research major obstacles, related to the ever-changing FISMA requirements, that customers will need to overcome, and provide recommendations.
  • Track system ATO status, security documentation expirations, Information Security Vulnerability Management (ISVM) compliance, DHS Performance Plan requirements, audit efforts, and CDM support efforts.
  • Conduct analysis of system level POA&Ms and provide guidance and recommendations on potential mitigation to close current or delayed POA&Ms.
  • Track and report on whether assigned systems have mitigated their weaknesses on time using the appropriate processes and reporting timelines.
  • Track and report on whether mandated FISMA activities are being executed in accordance with the current DHS Information Security Performance Plan (ISPP) for the fiscal year.
  • Provide compliance monitoring metrics and reporting to Agency leadership.
  • Review the DHS Scorecard for each assigned system, conduct analysis, and generate "Get to Green" reports.
  • Conduct "Get to Green" meetings with SOs and ISSOs; provide status, deficiencies, and recommendations; and document action items with estimated completion dates (ECDs), with the goal of improving system scores within the DHS Scorecard.
  • Manage ISVM alerts and bulletins for TSA systems to include tracking, distributing, and providing reports.
  • Support systems of responsibility to ensure all ISCM and CDM requirements are met and mitigations for failing requirements are identified and discussed to ensure a plan is established to meet all requirements defined. Provide monthly reports with action items for stakeholders and leadership.
  • Create briefings and reports, as required, on items including but not limited to: high-valued assets, ISVMs, POA&Ms, and system scores (FISMA & ISCM).
  • Provide input into the GRC presentations for monthly ISSO Townhall training, as required by management or the Communications & Training Team Lead.
  • Provide updates and input to the GRC SharePoint sites to include document uploads, page updates, access requests, permissions, etc. on an ongoing basis.
  • Create or update existing templates for memos, risk assessments, disposal packages, to standardize and simplify the process.
  • Conduct system compliance assessments to identify progress on ATO conditions, and develop extension packages as required, annotating analysis of system data and progress.
  • Conduct POA&M management activities, to include processing, reviewing, verifying, and validating creation and closures.
  • Report on expiring and overdue POA&Ms and ensure compliance with all DHS POA&M metrics and requirements as outlined in agency policy and the DHS ISPP.
  • Review waiver and risk acceptance requests for compliance with the Agency's Policies and Procedures.
  • Provide Quality Reviews of security documentation to ensure accuracy and compliance throughout the RMF process.
  • Support systems of responsibility to ensure all Ongoing Authorization (OA) requirements are met and any deficiencies are identified and tracked. Monitor activities and ensure all deficiencies exceeding 30 days are identified as requiring a POA&M.
  • Assist with conducting review and analysis of Requests for Change (RFC) and providing recommendations to conduct risk assessment (as applicable) based on the change and/or Security Impact Assessment (SIA).
  • Support Security Control Assessors (SCAs) as required for assigned systems.
  • Provide input and assist with all audits, data calls, and queries relating to assigned systems.
  • Stay current with the latest developments in cybersecurity, information assurance, GRC, and related cybersecurity trends.
  • Create or update existing templates such as memos, risk assessments, disposal packages, to standardize and simplify GRC processes.
  • Assist in completing customer's Management Control Objectives Program (MCOP) reporting requirements.
  • Provide Weekly status reporting to leadership.
  • Assist and support other team members as required by the Program Manager.
  • Provide leadership and mentoring to 2-3 compliance officers.
Qualifications:
  • Experience with and expert knowledge of NIST guidelines, FISMA, cybersecurity principles and methodologies, Executive Orders (EOs), Office of Management and Budget (OMB) Memorandums, Federal, DoD and CISA Technical Reference Architectures, Maturity Models, Risk Management Framework (RMF), Cybersecurity Framework (CSF), technical knowledge of IT systems, and cloud security (preferred).
  • Knowledge of and experience using relevant cybersecurity and analysis tools such as Archer, Nessus Security Center, Splunk, etc.
  • Experience with cloud-based environments and technologies is preferred.
  • Knowledge of cybersecurity threats, risks, and vulnerabilities and how to mitigate them.
  • Excellent communication skills (written and verbal), with the ability to explain complex concepts in a clear, concise manner.
  • Strong problem-solving and decision-making skills; proactive, able to adapt to changes in priorities, attentive to detail, and well organized.
  • Must be able to conduct system analysis and quality reviews to detect performance issues.
  • Well-versed in developing compliance solutions to resolve weaknesses or challenges.
  • Ability to work independently and as part of a team.
  • An analytical mind with excellent problem-solving ability is required.
Education and/or Experience:
  • Minimum of a Bachelor of Science (or higher) in one of the following: computer engineering, computer science, IT, cyber security, or a related field and 7 years of IT Cybersecurity experience including direct support of the US government and 4 years acting as an ISSO, Assessor, or Compliance Analyst.
  • Without a B.S. degree, a minimum of 10 years of IT cybersecurity experience including direct support for the US Government will be accepted.
Certifications:
  • At least one of the following certifications is required: Certified Authorization Professional (CAP), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified Chief Information Security Officer (CCISO), or equivalent according to the DOD 8570 approved certification list.
Clearance level:
  • Minimum of active Secret Clearance.
Work Location:
  • Primarily remote. (Onsite work at the client location in Springfield, VA and Zermount HQ in Arlington, VA may occasionally be required.)
Hours of Operation:
  • Business Hours: 8:00 am EST - 4:30 pm EST.
