IT Security Compliance Specialist

SECURE ROOTS
Lexington, United States of America
yesterday

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Lexington, United States of America

Tech stack

Microsoft Access
Microsoft Excel
Computer Security
Information Systems
Data Auditing
Laboratory Information Management Systems
Microsoft Office
Open Source Technology
Microsoft PowerPoint
SAP Applications
Information Technology
National Industrial Security Program Operating Manual (NISPOM)
Vulnerability Analysis

Job description

The IT Security Risk Auditor performs audits of classified and unclassified Information Systems (IS) to ensure that they are maintained in a compliant manner and are following applicable laws and government regulations, including National Industrial Security Program Operating Manual (NISPOM) guidelines regarding the protection of classified information systems, National Institute of Standards and Technology (NIST) standards and special publications, Cybersecurity Maturity Model Certification (CMMC), DCSA Assessment and Authorization Process Manual (DAAPM), and Laboratory Information System Security Procedures. The position is responsible for maintaining and auditing programs to validate compliance with government regulations and Laboratory Information Security policies. The role includes conducting comprehensive assessments of management, operational, monitoring, and technical security controls employed within or inherited by Information Systems to determine the overall effectiveness of the controls in meeting Authorization to Operate (ATO), government regulatory, and contractual security requirements. The candidate will also conduct open-source and internal research to identify current threat indicators, exploits, and vulnerabilities. Responsibilities

  • Conduct audits of classified and unclassified Information Systems (IS).
  • Document audit findings, including non-compliance issues and deviations.
  • Identify potential compliance issues and recommend policy and procedure changes.
  • Support preparation for audit and review activities.
  • Maintain and audit programs to validate compliance with government regulations and Laboratory Information Security policies.
  • Conduct comprehensive assessments of management, operational, monitoring, and technical security controls.
  • Evaluate the effectiveness of security controls in support of Authorization to Operate (ATO) requirements.
  • Perform compliance auditing, security reviews, risk assessments, and vulnerability assessments.
  • Conduct open-source and internal research to identify threat indicators, exploits, and vulnerabilities.

Requirements

  • Bachelor''s degree in Computer Science, Information Technology, Computer Information Systems, or a related field.
  • Minimum seven (7) years of experience conducting risk assessments.
  • Minimum seven (7) years of experience in compliance auditing.
  • Experience with security reviews or vulnerability assessments.
  • Technical experience, coursework completed toward a degree, and industry IT certifications may be considered substitutes for education and experience.
  • Strong verbal and written communication skills.
  • Strong time management skills.
  • Minimum seven (7) years of experience with Microsoft Office Suite, including Excel and PowerPoint.

Required Technical Skills

  • IT system security compliance (NIST, PCI, HIPAA, CMMC)
  • Security Technical Implementation Guides (STIGs)
  • NIST SP 800-53 / Risk Management Framework (RMF)
  • NIST SP 800-171
  • NISPOM (32 CFR Part 117)
  • CNSSI 1253
  • DOD Manual 5205.07 Volumes 1-4
  • FAR/DFARS Safeguarding CUI requirements , etc.)
  • DCSA Assessment and Authorization Process Manual (DAAPM 2.0)

Assessment & Authorization Experience Experience with one or more of the following:

  • NIST SP 800-53 / Risk Management Framework (RMF)
  • Joint Special Access Program (SAP) Implementation Guide
  • NIST SP 800-171
  • Cybersecurity Maturity Model Certification (CMMC) Framework
  • National Industrial Security Program Operating Manual (NISPOM) Chapter 8, * Security+ CE
  • CASP
  • CISSP
  • CISA
  • CCP/CCA or other industry-recognized cybersecurity certification
  • Direct experience with DCSA facility compliance reviews and security audits.

Apply for this position