Security Compliance SME

Acuity

$120K to $150K
Remote (US-Anywhere), Washington DC, US
Information Technology
11 - 15 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor’s degree in a technical field.
  • 12+ years of experience in cybersecurity and federal compliance.
  • 7+ years of expertise in NIST Risk Management Framework (RMF) and eMASS.
  • Recognized authority in federal IT compliance and security authorization.
  • CISSP certification required; CAP or CISA preferred; AWS/Azure certifications recommended.
  • Familiarity with compliance systems like eMASS and technical assessment tools.

Responsibilities

  • Provide expert advisory for NIST Risk Management Framework (RMF) implementation.
  • Lead development and maintenance of System Security Plans (SSPs) and security control traceability matrices.
  • Implement and manage security assessment artifacts in eMASS.
  • Conduct internal technical security assessments for 3PAO audit readiness.
  • Analyze technical system configurations for NIST 800-53 compliance.
  • Act as primary technical advisor during the ATO lifecycle for agency systems.
  • Manage implementation of Plans of Action and Milestones (POA&M) to remediate security gaps.

Benefits

  • Access to professional development and training opportunities.
  • Collaborative work environment with a focus on innovation.
  • Potential for career advancement within a federal compliance framework.

Full Job Description

Responsibilities

  • Provide expert-level advisory for the implementation of the NIST Risk Management Framework (RMF).
  • Lead the development and maintenance of comprehensive System Security Plans (SSPs) and security control traceability matrices.
  • Implement and manage security assessment artifacts within eMASS (Enterprise Mission Assurance Support Service).
  • Conduct internal technical security assessments to ensure readiness for formal assessments by a Third Party Assessment Organization (3PAO).
  • Analyze technical system configurations to ensure adherence to the NIST SP 800-53 Moderate and High baselines and to DISA STIGs.
  • Serve as the primary technical advisor during the federal Authority to Operate (ATO) lifecycle for agency systems.
  • Manage the technical implementation of Plans of Action and Milestones (POA&Ms) for remediating security gaps.

Qualifications

  • Bachelor’s degree in a technical field.
  • 12+ years of experience in cybersecurity and federal compliance.
  • 7+ years of deep expertise in the NIST RMF and eMASS.
  • Recognized authority in federal IT compliance and security authorization.

Preferred Certifications

  • Federal & Security: CISSP (required) and Certified Authorization Professional (CAP, now offered by ISC2 as CGRC) or CISA.
  • Domain-Specific: AWS/Azure Security certifications.
  • Architecture/Management: CISM or GSLC.

Technical Skills

  • Compliance Systems: eMASS, Xacta, ServiceNow GRC.
  • Technical Assessment Tools: Tenable/ACAS, STIG Viewer, SCAP Compliance Checker.
  • Documentation: SSP, SAR, RAR, POA&M development.
  • Standards: NIST SP 800-53, SP 800-37, SP 800-171; FIPS 199.

Regulatory & Domain Expertise

  • Demonstrated expertise in applying FedRAMP Moderate/High baselines and DoD RMF requirements.
  • Technical implementation of FISMA High compliance for enterprise federal systems.
  • Experience with Continuous Diagnostics and Mitigation (CDM) and continuous monitoring programs.

Clearance Requirement

  • Active security clearance (Secret or Top Secret) or eligibility to obtain one.
