Compliance Officer - Arlington, United States - Zermount, Inc.

Description

COMPLIANCE OFFICER

Zermount Inc.

is seeking a Compliance Officer who will perform complex risk analyses and ensure systems and technologies satisfy Information Assurance (IA) and Cybersecurity requirements, based on federal requirements, laws, mandates, policies, procedures, standards, and guidelines (e.g., Executive Orders [EOs], OMB M, BODs, EODs, NIST, and agency specific requirements).

The Compliance Officer will provide Plan of Actions and Milestones (POA&M) management conduct FISMA compliance and Get-to-Green meetings, and work with Information Systems Security Officers (ISSO), System Owners, stakeholders, and leadership to meet Performance and Scorecard metrics.

The Compliance Officer will conduct regular (e.g., daily, weekly, monthly) system security compliance meetings for assigned systems of responsibility and provide feedback, recommendations, and mitigations to ensure systems meet the minimum requirements and security posture.

The Compliance Officer will perform analysis, design, and development of security features for system architectures. Support customers at the highest levels in the development and implementation of doctrine and policies.


DUTIES & RESPONSIBILITIES
The Compliance Officer will provide the following support and services:

• Perform complex reviews and analyses which include compliance assessments to identify compliance with federal requirements (e.g., EO, OMB M's, A-130, NIST SP 800-37, 800-53, FIPS 199, and FIPS-200, etc.), and security requirements based upon the analysis of people, processes, and technologies.
• Conduct compliance monitoring of assigned systems for all RMF steps.
• Conduct compliance assessments of System Owners IT Systems, based on the Zermount approved Compliance Support Services Framework.
• Execute day to day FISMA compliance monitoring, ensuring that all FISMA activities, including Information Security Continuous Monitoring (ISCM), Continuous Diagnostic and Mitigation (CDM), and FISMA program activities, are prioritized correctly, completed on schedule, and are in accordance with Agency and organizations policies.
• Perform assessment and analysis of designs, architectures, configurations, and implementation of Cybersecurity principles and security capabilities.
• Research major obstacles related to the ever-changing DHS FISMA requirements, which customers will need to overcome on a weekly, monthly, and yearly basis.
• Track and report on whether assigned systems have mitigated their weaknesses on time using the appropriate processes, ATO expirations, Information Security Vulnerability Management (ISVM) compliance, DHS Performance Plan requirements, systems meeting Agency Scorecard requirements, audit efforts, and CDM support efforts.
• Track and report on mandated FISMA activities are being executed according to the Agency Information Security Performance Plan for each fiscal year.
• Provide compliance monitoring metrics and reporting to IAD leadership, System Owners and ISSOs:

o Review the DHS Scorecard, conduct analysis, and generate "Get to Green" reports for IAD management and system ISSOs.

Conduct Get-to-green meetings with system owners and ISSOs, provide status, deficiencies, recommendations, and document action items with estimated completion dates (ECDs) with the goal of improving system scores within the DHS Scorecard.

Zermount, Inc. Position Description
o Manage ISVM alerts and bulletins for TSA to include tracking, distributing, and providing reports.

o Create briefings and reports, as required for, but not limited to the following items: high valued assets, ISVMs, POA&Ms, system scores (FISMA & ISCM).

• Provide input into the GRC presentations for monthly ISSO Townhall training, as required by management or the Training Team Lead.
• Provide updates and input to the GRC SharePoint sites to include document uploads, page updates, access requests, permissions, etc. on an ongoing basis.
• Create or update existing templates for memos, risk assessments, disposal packages, to standardize and simplify the process.
• Conduct compliance assessments and create ATO extension packages as required.
• Conduct POA&M management activities, to include processing, reviewing, verifying, and validating creation and closures. Report on expiring and overdue POA&Ms and ensure compliance with all DHS POA&M metrics and requirements as outlined in the policy directive and Information Security Performance Plan (ISPP).
• Review waiver packages for compliance with the Agency's Policies and Procedures.
• Provide Quality Review to ensure accuracy and compliance throughout the RMF process.
• Support system of responsibility to ensure all Ongoing Authorization (OA) and ISCM, and CDM requirements are verified and validated - with the goal of meeting all requirements defined by the Agency. Provide reports and action items for stakeholders and leadership.
• Assist with conducting review and analysis of Requests for Change (RFC) and providing recommendations to base on the change and Security Impact Assessment (SIA).
• Support Security Control Assessments (SCAs) as required.
• Provide input and assist with all audits, data calls, and queries.
• Stay current with the latest developments in cybersecurity, information assurance, GRC, and related cybersecurity trends.
• Create or update existing templates for memos, risk assessments, disposal packages, to standardize and simplify the process.
• Ensure security controls that can be inherited by other systems are set up for inheritance in the department's Governance Risk Compliance (GRC) tool and draft the control inheritance statements that can be used by other systems.
• Assist and support other team members as required by the Program Manager.
• Assist in completing Customer's Management Control Objectives Program (MCOP) reporting requirements.

QUALIFICATIONS

• Experience and expert knowledge NIST guidelines, FISMA, Cybersecurity principles and methodologies, Executive Orders (EO's), Office of Management and Budget (OMB) Memorandums, Federal, DoD and CISA Technical Reference Architectures, Maturity Models, Risk Management Framework (RMF), Cybersecurity Framework (CSF), technical knowledge of IT systems, and cloud security (is preferred).
• Knowledge of and experience using relevant cybersecurity and analysis tools such as Archer, Nessus Security Center, Splunk, etc.
• Experience with cloud-based environments and technologies is preferred.
• Knowledge of cybersecurity threats, risks, and vulnerabilities and how to mitigate them.
• Excellent communication skills (written and verbal), with the ability to explain complex concepts in a clear, concise manner.
• Strong problem-solving skills, proactive, ability to adapt to changes in priorities, attention to detail and organization skills, and possesses good problem solving and decision-making skills.
• Must be able to conduct system analysis and quality reviews to detect performance issues.
• Well versed in developing compliance solutions to resolve weaknesses or challenges.
• Ability to work independently and as part of a team.
• An analytical mind with excellent problem-solving ability is required.

EDUCATION AND EXPERIENCE

Education:

• Bachelor of Science (B.S.) in Engineering, Computer Science, IT, Cybersecurity, or a related field.

o Relevant years of experience may be used in substitution for situations where the candidate does not have a B.S.

degree in the required field.


Experience:

• With a B.S. in a relevant field - A minimum of 5 years of IT cybersecurity experience including direct support for the US Government and 4 years acting as an ISSO, Assessor, or Compliance Analyst; or
• Without a B.S. in a relevant field - A minimum of 7 years minimum of IT Cybersecurity experience including direct support of the US government and 4 years acting as an ISSO, Assessor, or Compliance Analyst.

CERTIFICATIONS
At least one of the following security certifications is required:

• Certified Authorization Professional (CAP)
• Certified Information Security Manager (CISM)
• Certified Information Systems Security Professional (CISSP), or
• Certified Chief Information Security Officer (CCISO)

CLEARANCE LEVEL

• Minimum of active Secret Clearance and ability to obtain and maintain DHS suitability.

WORK LOCATION


Primary location:
Washington, DC


Hours of Operation:

• 8:00 am EST - 4:30 pm EST.