Compliance Officer MID
MILITARY FRIENDLY PREFERRED - HOH SPONSOR

Zermount Inc. is seeking a Compliance Officer MID who will perform complex risk analyses and ensure systems and technologies satisfy Information Assurance (IA) and Cybersecurity requirements, based on federal requirements, laws, mandates, policies, procedures, standards, and guidelines (e.g., EOs, OMB, BODs, NIST, and agency specific requirements). The Compliance Officer will provide Plan of Actions and Milestones (POAM) management, conduct FISMA Compliance meetings, and work with Information Systems Security Officers (ISSO), System Owners (SO), stakeholders, and leadership to meet performance and scorecard metrics. The Compliance Officer will conduct regular (e.g., daily, weekly, monthly) system security compliance meetings for assigned systems of responsibility, provide feedback and recommended mitigations to ensure systems meet the minimum requirements and security posture. Support customer at the highest levels to ensure the implementation of doctrine and policies.

Duties and Responsibilities:
The Compliance Officer MID will provide the following support and services:

Perform Compliance reviews and analyses to verify compliance with federal requirements (e.g., EO, OMB Memos, A-130, NIST SP 800-37, 800-53, FIPS 199, and FIPS 200, etc.).
Perform analyses of security implementations for assigned systems pertaining to people, processes, and technologies, identify gaps and recommend solutions.
Conduct daily, weekly, monthly compliance monitoring of assigned systems for all RMF steps.
Conduct compliance assessments of assigned systems, based on the Zermount approved Compliance Support Services Framework.
Execute day-to-day FISMA compliance monitoring, ensuring that all FISMA activities, including Information Security Continuous Monitoring (ISCM), Continuous Diagnostic and Mitigation (CDM), and FISMA program activities assigned are prioritized correctly, completed on schedule, and are in accordance with Agency and organization policies.
Research major obstacles related to the ever-changing FISMA requirements, which customers will need to overcome, and provide recommendations.
Track system ATO status, security documentation expirations (Contingency Plan, Contingency Plan Test, Configuration Management Plans, Incident Response Plans, etc.), Information Security Vulnerability Management (ISVM) compliance, DHS Performance Plan requirements, audit efforts, and CDM support efforts.
Conduct analysis of system level POAMs and provide guidance and recommendations on potential mitigation to close current or delayed POAMs.
Track and report on whether assigned systems have mitigated their weaknesses on time using the appropriate processes and reporting timelines.
Track and report on whether mandated FISMA activities are being executed in accordance with the current DHS Information Security Performance Plan (ISPP) for the fiscal year.
Provide compliance monitoring metrics and reporting to Agency leadership.
Review the DHS Scorecard, for each assigned system, conduct analysis, and generate