Job Title: Compliance Specialist
Background/Need:
The Group's overall mission is to enable research and development while keeping the Laboratory community safe and secure through the protection of information, network, facilities, and personnel.
Responsibilities:
The IT Security Risk Auditor position performs audits of classified and unclassified Information Systems (IS) to ensure that they are being maintained in a compliant manner and are following applicable laws and government regulations, such as National Industrial Security Program Operating Manual (NISPOM) guidelines regarding the protection of classified information systems, National Institute of Standards and Technology (NIST) standards and special publications, Cybersecurity Maturity Model Certification (CMMC), DCSA Assessment and Authorization Process Manual (DAAPM), and Laboratory Information System Security Procedures. The candidate must be knowledgeable in fundamental computer security principles and policies: Security Technical Implementation Guides (STIGs), NIST 800-53/Risk Management Framework (RMF), CNSSI 1253 and DOD Manual 5205.07 Volumes 1-4, NIST SP 800-171, and DAAPM 2.0.
The IT Security Risk Auditor is responsible for maintaining and auditing programs to validate compliance with various government regulations and Laboratory Information Security policies. The position is responsible for conducting comprehensive assessments of the management, operation, monitoring, and technical security controls employed within or inherited by Information Systems to determine the overall effectiveness of the controls (i.e. the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome) with respect to meeting the security requirements of the Authorization to Operate (ATO) or other government regulation or contractual requirement for the system. The position also requires the ability to conduct open source and internal research to identify current threat indicators, exploits, and vulnerabilities.
Must Have:
Bachelor's degree in Computer Science, Information Technology, Computer Information Systems, or related field is required, with a minimum of seven (7) years' experience conducting risk assessments.
Experience in compliance auditing, security reviews, or vulnerability assessments.
Technical experience and skills, course work completed toward a degree, and industry IT certifications (i.e. CISSP, CISA) may be considered substitutes for education and experience.
Candidate must possess an in-depth knowledge of information security principles and policies such as the Risk Management Framework (RMF) as presented by the National Institute of Standards and Technology (NIST), NIST SP 800-171, and Security Technical Implementation Guides (STIGs).
The ability to read, understand, and apply government regulations, policies, and procedures such as the National Industrial Security Program Operating Manual (NISPOM), 32 CFR Part 117, FAR/DFARS Safeguarding CUI series (252.etc.), and computer security principles and policies, to include Security Technical Implementation Guides (STIGs), NIST 800-53 / Risk Management Framework (RMF), and NIST SP 800-171.
Working experience directly related to Assessment and Authorization using any of the following:
o NIST 800-53/Risk Management Framework (RMF)
o Joint Special Access Program (SAP) Implementation Guide
o NIST SP 800-171; understanding of CMMC Framework
o National Industrial Security Program Operating Manual (NISPOM) Chapter 8.
Nice to Have:
Information Assurance Certifications preferred (CISSP/CISA Security CCP/CCA or other industry-recognized certification that validates knowledge in Cybersecurity framework or equivalent).
Education & Experience: Bachelor's plus 7 years of relevant work experience.
Work Authorization: US Citizenship is required due to the nature of the work.
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.
Full Time