Compliance Specialist - LLJP with Security Clearance

Softworld Inc

2024-10-06 03:46:42

Job location Lexington, Massachusetts, United States

Job type: fulltime

Job industry: I.T. & Communications

Job description

Job Title: Compliance Specialist

Job Location: Lexington MA 02420

Onsite Requirements:
- Experience in compliance auditing, security reviews, or vulnerability assessments.
- In-depth knowledge of information security principles and policies
- NIST 800-53/Risk Management Framework (RMF)

Job Description:

The IT Security Risk Auditor position performs audits of classified and unclassified Information Systems (IS) to ensure that they are being maintained in a compliant manner and are following applicable laws and government regulations, such as National Industrial Security Program Operating Manual (NISPOM) guidelines regarding the protection of classified information systems, National Institute of Standards and Technology (NIST) standards and special publications, Cybersecurity Maturity Model Certification (CMMC), DCSA Assessment and Authorization Process Manual (DAAPM) and Laboratory Information System Security Procedures.

The candidate must be knowledgeable in fundamental computer security principles and policies: Security Technical Implementation Guides (STIGs), NIST 800-53/Risk Management Framework (RMF), CNSSI 1253, and DOD Manual 5205.07 Volumes 1-4, NIST SP 800-171 and DAAPM 2.0.

The IT Security Risk Auditor is responsible for maintaining and auditing programs to validate compliance with various government regulations and Laboratory Information Security policies. The position is responsible for conducting comprehensive assessments of the management, operation, monitoring and technical security controls employed within or inherited by Information Systems to determine the overall effectiveness of the controls (i.e. the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome) with respect to meeting the security requirements of the Authorization to Operate (ATO) or other government regulation or contractual requirement for the system and for the ability to conduct open source and internal research to identify current threat indicators, exploits, and vulnerabilities.

Requirements:

Bachelor's degree in computer science, Information Technology, Computer Information Systems, or related field is required with a minimum of seven (7) years' experience conducting risk assessments. Experience in compliance auditing, security reviews, or vulnerability assessments. Technical experience and skills, course work completed toward a degree, and industry IT certifications (i.e. CISSP, CISA) may be considered substitutes for education and experience.

Candidate must possess an in-depth knowledge of information security principles and policies such as Risk Management Framework (RMF) as presented by the National Institute of Standards and Technology (NIST), NIST SP 800-171 and Security Technical Implementation Guides (STIGs). The ability to read, understand and apply government regulation, policies and procedure (such as the National Industrial Security Program Operating Manual (NISPOM), 32 CFR Part 117, FAR/DFARS Safeguarding CUI series, etc.), computer security principles and policies, to include Security Technical Implementation Guides (STIGs) and NIST 800-53 / Risk Management Framework (RMF) and NIST SP 800-171.

Working experience directly related to Assessment and Authorization using any of the following:
- NIST 800-53/Risk Management Framework (RMF)
- Joint Special Access Program (SAP) Implementation Guide
- NIST SP 800-171
- Understanding of CMMC Framework
- National Industrial Security Program Operating Manual (NISPOM) Chapter 8

Preferred: Information Assurance Certifications preferred (CISSP/CISA, Security+, CCP/CCA, or other industry-recognized Certification that validate knowledge in Cybersecurity framework or equivalent).

Qualification Assessment

Must Have
- Admin: Compliance & Auditing: 7 years
- Degree Level: Bachelor's Degree: Yes
- Experience: Document audit findings, including non-compliance issues or deviations: 7 years
- Experience: Identify potential compliance issues and recommend policy/procedure changes: 7 years
- Experience: IT system security compliance (NIST, PCI, HIPAA, CMMC): 3 years
- Experience: Support preparation for audit/review activities: 7 years
- Government Policy/Regulations: STIG Compliance: 3 years
- Security: NISPOM 32 CFR Part 117 experience: 3 years
- Security: NIST 800-171: 3 years
- Security: NIST 800-53: 3 years
- Security: Risk Management Framework (RMF): 3 years
- Soft Skills: Strong Verbal and Written Communication: Yes
- Soft Skills: Time Management: Yes
- Software: MS Suite (Excel, ppt): 7 years

Nice to Have
- Certification: Security+ CE, CASP, CISSP, or similar security certification: Yes
- Security: Cybersecurity Maturity Model Compliance (CMMC): 0 years

3rd party and subcontract staffing agencies are not eligible for partnership on this position. 3rd party subcontractors need not apply.

This position requires candidates to be eligible to work in the United States, directly for an employer, without sponsorship now or anytime in the future.

This client is a US Federal Government contractor and is legally required to hire US Citizens. Only US Citizens will be considered for this role. Due to the nature of the work, a United States Government Clearance is required to be eligible for the position.
