Compliance Specialist

Compliance Specialist

Location

Lexington, MA (Predominantly onsite, with potential for hybrid schedule after 3-4 months)

Clearance Required

Interim Clearance OK to start, will need to obtain a Top Secret Clearance

Duration

3 years

The Compliance Specialist will play a critical role in conducting audits of classified and unclassified Information Systems (IS) to ensure adherence to applicable laws, government regulations, and internal security policies.

The ideal candidate for the Compliance Specialist role is a seasoned professional with extensive experience in conducting security audits and ensuring compliance with government regulations, including RMF, NIST, and NISPOM. They possess strong knowledge of cybersecurity frameworks, such as CMMC, and have a proven ability to assess, monitor, and improve the security posture of classified and unclassified Information Systems. Additionally, they are adaptable, with the capability to work both onsite and remotely while managing complex security requirements.

Key Responsibilities:

Perform comprehensive audits of Information Systems (IS) to validate compliance with government regulations, including NISPOM, NIST, DAAPM, and CMMC standards.

Assess the effectiveness of security controls within IS environments to ensure compliance with Authorization to Operate (ATO) or other regulatory requirements.

Conduct assessments on the management, operations, monitoring, and technical controls employed by IS systems.

Perform open-source and internal research to identify current threat indicators, vulnerabilities, and exploits.

Maintain and audit programs to ensure compliance with government regulations and laboratory information security policies.

Essential Skills:

In-depth knowledge of Risk Management Framework (RMF), NIST SP 800-53, NIST SP 800-171, STIGs, and related security policies.

Experience with compliance auditing, security reviews, and vulnerability assessments.

Knowledge of government regulations such as NISPOM, FAR/DFARS Safeguarding CUI series (252.204-7012), and Assessment and Authorization processes (e.g., DAAPM, Joint SAP Implementation Guide).

Requirements:

Bachelor’s degree in Computer Science, Information Technology, Computer Information Systems, or related field.

Minimum 7 years of experience conducting risk assessments and security audits.

Technical experience or certifications (CISSP, CISA) may be considered as a substitute for education and experience.

Ability to interpret and apply government regulations, policies, and procedures.

Preferred Qualifications:

Industry-recognized Information Assurance Certifications (CISSP, CISA, Security+, CCP/CCA, etc.).

Experience with CMMC frameworks and National Industrial Security Program Operating Manual (NISPOM) Chapter 8 compliance.

Work Schedule:

Onsite for the first 3-4 months (4 days per week).

Potential for hybrid work (2-3 days remote) after the initial ramp-up period.