COMPLIANCE OFFICER SR.
MILITARY FRIENDLY & PREFERRED - HOH SPONSOR

Zermount Inc. is seeking a Senior Compliance Officer who will perform complex risk analyses and ensure systems and technologies satisfy Information Assurance (IA) and Cybersecurity requirements, based on federal requirements, laws, mandates, policies, procedures, standards, and guidelines (e.g., EOs, OMB, BODs, NIST, and agency-specific requirements). The Compliance Officer will provide Plan of Action and Milestones (POA&M) management, conduct FISMA compliance meetings, and work with Information Systems Security Officers (ISSOs), System Owners (SOs), stakeholders, and leadership to meet performance and scorecard metrics. The Compliance Officer will conduct regular (e.g., daily, weekly, monthly) system security compliance meetings for assigned systems of responsibility and provide feedback and recommended mitigations to ensure systems meet the minimum requirements and required security posture. The Compliance Officer will also support the customer at the highest levels to ensure the implementation of doctrine and policies.

Duties & Responsibilities:
The Senior Compliance Officer will provide the following support and services:

Perform compliance reviews and analyses to verify compliance with federal requirements (e.g., EOs, OMB Memos, OMB Circular A-130, NIST SP 800-37, NIST SP 800-53, FIPS 199, FIPS 200, etc.).
Perform analyses of security implementations for assigned systems pertaining to people, processes, and technologies; identify gaps and recommend solutions.
Conduct daily, weekly, and monthly compliance monitoring of assigned systems for all RMF steps.
Conduct compliance assessments of assigned systems, based on the Zermount-approved Compliance Support Services Framework.
Execute day-to-day FISMA compliance monitoring, ensuring that all assigned FISMA activities, including Information Security Continuous Monitoring (ISCM), Continuous Diagnostics and Mitigation (CDM), and FISMA program activities, are prioritized correctly, completed on schedule, and in accordance with Agency and organizational policies.
Research major obstacles related to the ever-changing FISMA requirements that customers will need to overcome, and provide recommendations.
Track system ATO status; security documentation expirations (Contingency Plan, Contingency Plan Test, Configuration Management Plan, Incident Response Plan, etc.); Information Security Vulnerability Management (ISVM) compliance; DHS Performance Plan requirements; audit efforts; and CDM support efforts.
Conduct analysis of system-level POA&Ms and provide guidance and recommendations on potential mitigations to close current or delayed POA&Ms.
Track and report on whether assigned systems have mitigated their weaknesses on time using the appropriate processes and reporting timelines.
Track and report on whether mandated FISMA activities are being executed in accordance with the current DHS Information Security Performance Plan (ISPP) for the fiscal year.
Provide compliance monitoring metrics and reporting to Agency leadership.
Review the DHS Scorecard for each assigned system, conduct analysis, and generate "Get to Green" reports.
Conduct Get-to-Green meetings with SOs and ISSOs; provide status, deficiencies, and recommendations; and document action items with estimated completion dates (ECDs), with the goal of improving system scores on the DHS Scorecard.
Manage ISVM alerts and bulletins for TSA systems, to include tracking, distributing, and providing reports.
Support systems of responsibility to ensure all ISCM and CDM requirements are met, and that mitigations for failing requirements are identified and discussed so that a plan is established to meet all defined requirements.
Provide monthly reports with action items for stakeholders and leadership.
Create briefings and reports as required for, but not limited to, the following items: high-value assets, ISVMs, POA&Ms, and system scores (FISMA & ISCM).
Provide input into the GRC presentations for monthly ISSO Town Hall training, as required by management or the Communications & Training Team Lead.
Provide updates and input to the GRC SharePoint sites, to include document uploads, page updates, access requests, permissions, etc., on an ongoing basis.
Conduct system compliance assessments to identify progress on ATO conditions, and develop extension packages as required, annotating analysis of system data and progress.
Conduct POA&M management activities, to include processing, reviewing, verifying, and validating POA&M creation and closure.
Report on expiring and overdue POA&Ms and ensure compliance with all DHS POA&M metrics and requirements as outlined in agency policy and the DHS ISPP.
Review waiver and risk acceptance requests for compliance with the Agency's policies and procedures.
Provide quality reviews of security documentation to ensure accuracy and compliance throughout the RMF process.
Support systems of responsibility to ensure all Ongoing Authorization (OA) requirements are met, and that any deficiencies are identified and tracked.
Monitor activities and ensure all deficiencies exceeding 30 days are identified as requiring a POA&M.
Assist with the review and analysis of Requests for Change (RFCs) and provide recommendations on conducting a risk assessment (as applicable) based on the change and/or Security Impact Assessment (SIA).
Support Security Control Assessors (SCAs) as required for assigned systems.
Provide input to and assist with all audits, data calls, and queries relating to assigned systems.
Stay current with the latest developments in cybersecurity, information assurance, GRC, and related cybersecurity trends.
Create or update existing templates, such as memos, risk assessments, and disposal packages, to standardize and simplify GRC processes.
Assist in completing the customer's Management Control Objectives Program (MCOP) reporting requirements.
Provide weekly status reporting to leadership.
Assist and support other team members as required by the Program Manager.

Qualifications:

Experience and expert knowledge of NIST guidelines, FISMA, cybersecurity principles and methodologies, Executive Orders (EOs), Office of Management and Budget (OMB) Memorandums, Federal, DoD, and CISA Technical Reference Architectures, maturity models, the Risk Management Framework (RMF), the Cybersecurity Framework (CSF), and technical knowledge of IT systems; cloud security knowledge is preferred.
Knowledge of and experience using relevant cybersecurity and analysis tools such as Archer, Nessus Security Center, Splunk, etc.
Experience with cloud-based environments and technologies is preferred.
Knowledge of cybersecurity threats, risks, and vulnerabilities and how to mitigate them.
Excellent communication skills (written and verbal), with the ability to explain complex concepts in a clear, concise manner.
Strong problem-solving and decision-making skills, a proactive attitude, the ability to adapt to changes in priorities, attention to detail, and organizational skills.
Must be able to conduct system analysis and quality reviews to detect performance issues.
Well versed in developing compliance solutions to resolve weaknesses or challenges.
Ability to work independently and as part of a team.
An analytical mind with excellent problem-solving ability is required.
Design, develop, engineer, and implement solutions to MLS requirements.
Perform complex risk analyses, including risk assessments.
Establish and satisfy information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands.
Support customers at the highest levels in the development and implementation of doctrine and policies.
Apply know-how to government and commercial common-user systems, as well as to dedicated special-purpose systems requiring specialized security features and procedures.
Perform analysis, design, and development of security features for system architectures.

Education and/or Experience:

Minimum of a Bachelor of Science (or higher) in one of the following: computer engineering, computer science, IT, cybersecurity, or a related field, plus 7 years of IT cybersecurity experience including direct support of the US Government and 4 years acting as an ISSO, Assessor, or Compliance Analyst.
Without a B.S. degree, a minimum of 10 years of IT cybersecurity experience including direct support of the US Government will be accepted.

Certifications:

At least one of the following certifications is required: Certified Authorization Professional (CAP), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified Chief Information Security Officer (CCISO), or equivalent according to the DoD 8570 approved certification list.

Clearance level:

Minimum of an active Secret clearance.

Work Location:

Primarily remote (onsite work in Arlington, VA or elsewhere in the United States may occasionally be required).

Hours of Operation:

Business Hours: 8:00 am EST - 4:30 pm EST.