Koniag Government Services

Security Policy and Compliance Lead

Koniag Government Services$100K — $130K *
Education, Government & Non-Profit
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in Cybersecurity, IT, Information Assurance, or a related field.
  • 8+ years of cybersecurity policy and compliance experience, with a minimum of 3 years in a lead role.
  • Demonstrated compliance program management experience with federal requirements, especially FISMA.
  • In-depth knowledge of federal cybersecurity laws and standards including NIST and OMB Circular A-130.
  • Relevant professional certifications, such as CISSP or CISM, reflecting a strong knowledge of security frameworks.

Responsibilities

  • Serve as the primary subject matter expert for SBA's security policy and compliance programs.
  • Lead the development and improvement of cybersecurity policy frameworks and compliance measures.
  • Manage the compliance program to ensure federal cybersecurity laws are met.
  • Guide the NIST Risk Management Framework processes for SBA's systems.
  • Oversee continuous monitoring programs and compliance reporting to agency leadership.
  • Coordinate FISMA reporting and ensure accuracy in compliance metrics.
  • Collaborate with SBA teams to resolve audit findings and ensure compliance.

Benefits

  • Opportunity to work with the U.S. Small Business Administration, influencing federal cybersecurity policies.
  • Involvement in a significant role that impacts national cybersecurity compliance.
  • Flexible work environment with a focus on leadership and strategic improvement in cybersecurity frameworks.
Full Job Description
Koniag Data Solutions, LLC, a Koniag Government Services company, is seeking a Security Policy and Compliance Lead to support KDS and our government customer in Washington, DC. This position requires the candidate to be able to obtain a Public Trust.

Koniag Data Solutions, a Koniag Government Services company, is seeking an experienced Security Policy and Compliance Lead to support the U.S. Small Business Administration (SBA). The ideal candidate is a seasoned cybersecurity professional with deep expertise in federal security policy development, compliance program management, and the application of federal cybersecurity frameworks and regulations within complex federal government environments. This individual will serve as the primary subject matter expert (SME) for security policy and compliance activities at the SBA, providing strategic guidance, technical leadership, and hands-on program management to ensure the agency's cybersecurity policies, procedures, and practices align with applicable federal laws, regulations, executive orders, and industry best practices.

The Security Policy and Compliance Lead will serve as the senior expert responsible for leading and managing SBA's security policy and compliance programs, ensuring the agency's cybersecurity posture aligns with federal security requirements, regulatory obligations, and organizational risk tolerance.

Principal responsibilities will include but are not limited to:
  • Serve as the primary subject matter expert (SME) and program lead for SBA's security policy and compliance programs, providing strategic direction, technical guidance, and hands-on leadership to ensure the agency's cybersecurity policies, procedures, and practices meet all applicable federal security requirements and regulatory obligations.
  • Lead the development, review, maintenance, and continuous improvement of SBA's cybersecurity policy framework, including agency-wide security policies, standards, procedures, guidelines, and baselines, ensuring alignment with NIST, FISMA, OMB, and CISA requirements and directives.
  • Oversee and manage SBA's compliance program, ensuring the agency's IT systems, security controls, and operational practices comply with applicable federal cybersecurity laws, regulations, executive orders, and OMB mandates, including FISMA, OMB Circular A-130, and relevant CISA Binding Operational Directives (BODs) and Emergency Directives (EDs).
  • Lead and support the NIST Risk Management Framework (RMF) process across SBA's system portfolio, providing expert guidance on security categorization, control selection, implementation, assessment, authorization, and continuous monitoring activities.
  • Develop, maintain, and continuously improve SBA's continuous monitoring program, including the development of monitoring strategies, assessment schedules, and reporting mechanisms to track the ongoing security posture of SBA's information systems and report compliance status to agency leadership.
  • Oversee the preparation and submission of SBA's annual FISMA reporting requirements, coordinating with system owners, security control assessors, and agency leadership to compile accurate and comprehensive FISMA metrics and performance data.
  • Collaborate with SBA IT teams, system owners, program offices, and the Office of Inspector General (OIG) to address audit findings, compliance gaps, and POA&M (Plan of Action and Milestones) items, developing and tracking corrective action plans to ensure timely resolution.
  • Lead the development and maintenance of SBA's Plan of Action and Milestones (POA&M) program, overseeing the identification, tracking, prioritization, and remediation of security weaknesses and compliance deficiencies across SBA's system portfolio.
  • Provide expert guidance and support for third-party security assessments, audits, and evaluations, including those conducted by the OIG, GAO, and other oversight bodies, coordinating SBA's response to audit findings and recommendations.
  • Develop and maintain a comprehensive security compliance roadmap and reporting framework, providing SBA leadership with regular visibility into the agency's compliance posture, outstanding risks, and remediation progress.
  • Monitor and analyze changes to federal cybersecurity laws, regulations, executive orders, OMB guidance, and CISA directives, assessing their impact on SBA's security policy and compliance programs and leading the timely implementation of required program updates and changes.
  • Collaborate with the Cybersecurity Architect, SOC, privacy, and other cybersecurity program teams to ensure security policies and compliance requirements are integrated into technical operations, system design, and security architecture activities.
  • Develop and deliver security policy and compliance awareness training and briefings to SBA personnel, system owners, and leadership, fostering a culture of security compliance and shared accountability across the agency.
  • Support the development and maintenance of SBA's cybersecurity strategy and roadmap, providing expert input on policy and compliance considerations to inform agency-wide security investment and improvement decisions.
  • Serve as a liaison with external stakeholders, including OMB, CISA, DHS, and other federal agencies, on security policy and compliance matters, representing SBA's interests and ensuring alignment with governmentwide cybersecurity policy initiatives and mandates.


Education and Experience:
Required:

  • Bachelor's degree in Cybersecurity, Information Technology, Information Assurance, Computer Science, or a related field from an accredited college or university.
  • 8+ years of progressive experience in cybersecurity policy, compliance, information assurance, or a related field, with at least 3 years in a lead or senior role managing federal security policy and compliance programs.
  • Demonstrated experience managing federal cybersecurity compliance programs, including FISMA reporting, RMF implementation, and POA&M management, within a federal government agency or supporting a federal government customer.
  • In-depth knowledge of federal cybersecurity laws, regulations, and guidance, including FISMA, OMB Circular A-130, NIST SP 800-53, NIST RMF, and applicable CISA BODs and EDs.
  • One or more of the following certifications:
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • GIAC Security Essentials (GSEC)
  • GIAC Certified Enterprise Defender (GCED)
  • CompTIA Security+ (with demonstrated senior-level experience in policy and compliance roles)
  • Certified Authorization Professional (CAP) / ISC2 Certified in Governance, Risk and Compliance (CGRC)

Desired:
  • Master's degree in Cybersecurity, Information Assurance, Public Administration, or a related field.
  • 10+ years of experience in federal cybersecurity policy and compliance program management, with demonstrated experience supporting a federal civilian agency of similar size and complexity to the SBA.


Required Skills and Competencies:
  • Exceptional communication skills in English - both written and oral - with the ability to clearly communicate complex security policy, compliance, and regulatory requirements to diverse audiences, including technical staff, program managers, system owners, and senior agency leadership.
  • Deep expertise in federal cybersecurity frameworks, laws, and regulations, including FISMA, OMB Circular A-130, NIST SP 800-53, NIST RMF, NIST CSF, and applicable CISA BODs, EDs, and guidance documents.
  • Comprehensive knowledge of the NIST Risk Management Framework (RMF) process, including security categorization (FIPS 199), control selection and tailoring (NIST SP 800-53), security assessment (NIST SP 800-53A), authorization, and continuous monitoring (NIST SP 800-137).
  • Strong experience developing, reviewing, and maintaining federal cybersecurity policy documentation, including agency security policies, standards, procedures, guidelines, system security plans (SSPs), and security assessment reports (SARs).
  • Demonstrated experience leading and managing federal FISMA compliance programs, including the preparation and submission of annual FISMA reports, performance metrics, and supporting documentation.
  • Experience developing and managing POA&M programs, including the identification, tracking, prioritization, and remediation of security weaknesses and compliance deficiencies across complex federal system portfolios.
  • Proficiency in developing and managing continuous monitoring programs, including the development of monitoring strategies, assessment schedules, and compliance reporting mechanisms aligned with NIST SP 800-137 and CISA CDM program requirements.
  • Experience supporting third-party security audits, assessments, and evaluations, including those conducted by the OIG, GAO, and independent assessors, and coordinating agency responses to audit findings and recommendations.
  • Strong knowledge of federal IT governance frameworks and their relationship to cybersecurity policy and compliance, including OMB IT governance requirements, Federal Enterprise Architecture (FEA), and FITARA.
  • Ability to develop and deliver effective security policy and compliance awareness training and briefings to diverse federal agency audiences, including technical staff, program managers, and senior leadership.
  • Strong analytical and problem-solving skills, with the ability to assess complex compliance challenges, identify root causes, and develop practical, risk-informed remediation strategies.
  • Ability to obtain and maintain a Public Trust Clearance.


Desired Skills and Competencies:
  • Prior experience supporting SBA or other federal civilian agency security policy and compliance programs, with demonstrated knowledge of SBA's mission, IT environment, and cybersecurity compliance obligations.
  • Experience with GRC (Governance, Risk, and Compliance) platforms and tools, such as Archer, ServiceNow GRC, CSAM, or similar, for managing security compliance, POA&M tracking, and RMF documentation within a federal environment.
  • Familiarity with cloud security compliance requirements, including FedRAMP authorization processes, FedRAMP continuous monitoring requirements, and the security compliance implications of cloud service adoption within federal agencies.
  • Knowledge of supply chain risk management (SCRM) frameworks and their integration into federal agency cybersecurity policy and compliance programs, including NIST SP 800-161 and applicable OMB guidance.
  • Experience supporting federal agency responses to CISA Binding Operational Directives (BODs) and Emergency Directives (EDs), including the development and tracking of agency implementation plans and compliance reporting.
  • Familiarity with the CDM (Continuous Diagnostics and Mitigation) program, its tools and data requirements, and the integration of CDM capabilities into agency continuous monitoring and compliance programs.
  • Experience developing and managing cybersecurity policy and compliance programs that address emerging technology areas, including artificial intelligence, cloud computing, and zero trust architecture implementation.
  • Knowledge of federal records management requirements and their intersection with cybersecurity policy and compliance obligations, including NARA guidance and federal records schedules.
  • Experience supporting federal agency interactions with oversight bodies, including the OIG, GAO, and congressional oversight committees, on cybersecurity policy and compliance matters.
  • Familiarity with privacy law and its intersection with cybersecurity policy and compliance, including the Privacy Act of 1974, OMB privacy guidance, and NIST privacy controls.
  • Certified in Risk and Information Systems Control (CRISC) certification.
  • Experience developing enterprise cybersecurity compliance dashboards, scorecards, and executive reporting mechanisms to provide agency leadership with real-time visibility into compliance posture and risk levels.

About Koniag Government Services

Koniag Government Services Careers

Join the dynamic team at Koniag Government Services, a leader in providing innovative solutions to government clients. This esteemed company offers a plethora of job opportunities that pave the way for professional growth and career advancement in a diverse and inclusive environment.

Explore Career Opportunities

Koniag Government Services is actively hiring and offers a range of positions that cater to various skills and experiences. Whether you're a seasoned professional or a recent graduate, Koniag Government Services provides a platform to enhance your career through meaningful work in a supportive culture.

Innovation and Leadership

At the forefront of innovation, Koniag Government Services encourages its team to lead with creativity and strategic thinking. The company is committed to leadership development and diversity training, ensuring that all team members have the opportunity to excel and contribute to industry-leading projects.

Professional Growth and Development

Koniag Government Services is dedicated to the professional development of its employees. With comprehensive benefits, competitive employment packages, and opportunities for advancement, the company supports its team in achieving their career goals. Networking within the company and industry is encouraged, fostering a community of learning and mutual growth.

Internship Programs

For those starting their career journey, Koniag Government Services offers internship programs that provide real-world experience and a pathway to full-time employment. Interns gain valuable industry knowledge and develop essential skills under the guidance of experienced mentors.

Commitment to Diversity and Inclusion

Diversity is at the core of Koniag Government Services' values. The company is committed to creating an inclusive environment where diverse voices are heard and valued. Diversity training is integral, equipping the team with the tools to thrive in a multicultural setting.

Applying for a Position

To apply for a position at Koniag Government Services, candidates should prepare a resume that highlights relevant experience and skills. The interview process is designed to assess fit both for the role and the company culture, ensuring alignment with the team’s values and objectives.

Stay Connected with Koniag Government Services Careers

Explore the various job opportunities and embark on a path of professional growth and innovation. Koniag Government Services is not just a workplace but a community where careers flourish in an environment of respect, integrity, and continuous learning.

Search Koniag Government Services Jobs

Discover the exciting career opportunities available at Koniag Government Services. Search for open positions that match your skills and interests, and join a team that values curiosity, creativity, and collaboration.

Keep Up to Date

Stay informed with the latest career tips, industry insights, and company updates directly from Koniag Government Services. Engage with content that can transform your professional journey and lead to rewarding opportunities.

Job Alert Emails

Personalize your subscription to receive job alerts and insider tips tailored to your preferences from Koniag Government Services. See what exciting and rewarding opportunities await in the field of government services.
Learn more about Koniag Government Services
Size
501 employees
Industry

Similar Jobs

More Jobs at Koniag Government Services

More Education, Government & Non-Profit Jobs

Find similar Security Policy and Compliance Lead jobs: