Human Resources Research Organization (HumRRO) · 5 months ago
Senior Cybersecurity Engineer - Compliance & Risk Management
The Human Resources Research Organization (HumRRO) is a non-profit leader in developing high-impact services and products in the arenas of employment, military, student testing, and professional credentialing and licensure. They are seeking a Senior Cybersecurity Engineer to lead enterprise compliance and security programs across various engagements, manage compliance frameworks, and mentor junior engineers.
Human Resources · Market Research
Responsibilities
Lead enterprise cybersecurity compliance programs (CMMC, FedRAMP, SCRM, NIST frameworks, ISO 27001:2022)
Manage monthly compliance reporting and KPI dashboards for executive leadership
Coordinate third-party compliance audits (NIST 800-171, CMMC, ISO 27001, FedRAMP) and remediation activities
Maintain compliance evidence catalogs and SaaS compliance implementation controls
Evaluate and implement security controls across software applications and cloud platforms (AWS, Azure, and Office 365)
Oversee Risk Management Framework (RMF) processes for government contract organizations as well as applications in the DoD space (ATO/IATT/IATO documentation)
Conduct weekly Plan of Action and Milestone (POA&M) reviews and monthly security assessments
Develop and maintain security policies, procedures, and technical standards
Lead vulnerability management programs, conduct security assessments, and coordinate penetration testing
Manage business continuity of operations (COOP) program including disaster recovery and crisis management plans
Lead incident response and security event investigation
Mentor and manage junior cybersecurity engineers and analysts
Interface with federal agencies, auditors, and compliance assessors
Work with system architects for security requirements on existing cloud workloads, cloud migrations and/or hybrid environments
Facilitate and oversee completion of all customers' cyber security questionnaires and qualifications with time-critical deadlines
Coordinate with HumRRO Contracts Division on written responses to RFPs regarding IT security, controls, data privacy and regulatory compliance
Assist with implementation and administration of cybersecurity supply chain risk management (C-SCRM) program
Develop compliance documentation and security narratives for proposals
Support business development with technical security expertise
Serve as subject matter expert on internal security controls and regulations
Qualifications
Required
US Citizen with ability to obtain/maintain security clearance
Work on-site at Alexandria, VA (up to 2 remote days possible after 90-day introductory period)
Bachelor's degree in Cybersecurity, Computer Science, or equivalent field. Work experience may be considered in lieu of degree
7+ years of cybersecurity engineering and compliance experience
5+ years of enterprise experience managing Risk and Compliance efforts including multiple regulatory and standard security frameworks
Existing Security+ certification or the ability to obtain within 6 months (CISSP, CCSP, or CISM preferred)
Deep expertise in NIST 800-171, 800-53, RMF, and DoD compliance frameworks
Hands-on experience with CMMC and FedRAMP authorization processes
Proficiency in Office 365 security configuration and management
Experience with vulnerability scanning tools (e.g. ACAS, Nessus, Rapid7, Qualys or equivalent)
Strong analytical and information-gathering skills with the ability to work multiple tasks simultaneously under short deadlines
Excellent communication skills for stakeholder engagement
Preferred
Active DoD clearance
Experience in the nonprofit sector managing IT or related activities
CMMC Certified Professional (CCP) or CMMC Certified Assessor (CCA)
Experience with FedRAMP 3PAO assessments
Knowledge of Supply Chain Risk Management (SCRM) frameworks
AWS certifications (Solutions Architect, Security Specialty preferred)
Experience with DevSecOps pipeline integration and IAC
CISSP, CCSP, CISM, or CISSP-ISSAP certifications
Knowledge of DoD STIG implementation and automated compliance tools
Federal contracting and audit experience
Experience with Atlassian suite (Jira, Confluence)
Experience with eMASS package development and continuous monitoring activities
Experience with STIG implementation and SCAP compliance validation
Experience with bi-annual COOP testing and crisis management plan development
Leadership experience managing technical teams
People Management Experience is a plus
Benefits
Health, dental and vision insurance
Life insurance equal to 2x annual salary
Retirement plan with company matching
Paid professional development and certification maintenance
Tuition reimbursement
12 weeks of paid parental leave
Generous paid time off and 10 paid holidays
Company
Human Resources Research Organization (HumRRO)
HumRRO is an industry leader in developing best-practice solutions exclusively for each client.
Funding
Current Stage: Growth Stage