Information Security Compliance Analyst (A&A, OT/ICS) - Hybrid

Macro Pros (Alluvial Concepts) is seeking an Information Security Compliance Analyst with strong Assessment & Authorization (A&A) experience and deep knowledge of NIST SP 800-53 Rev. 5. This is a long-term contract with the potential to convert to full-time with one of the top government integrators in the industry.

This is a hybrid role (2 days onsite in Bethesda, MD - flexible on days, 3 days remote).

Requirements:

• Must currently live in the Washington, DC metro area
• U.S. Citizen
• Ability to pass a standard background check and obtain a Public Trust clearance

What You'll Do:

• Analyze, review, monitor, and reassess the adequacy of information security controls across the organization
• Execute technical risk assessments using NIST SP 800-53 Rev. 5 across various systems, technologies, and environments
• Perform security audits, internal assessments, risk assessments, and support independent external audits
• Develop clear and effective methods for reporting assessment results to executive leadership
• Advise on and help establish sound information security processes and controls aligned with federal policies and SOPs
• Work closely with implementation teams to ensure solutions meet security requirements throughout the system lifecycle
• Verify that implemented controls are operating as designed
• Liaise with client A&A teams to support ATO efforts for new and existing systems
• Organize and conduct control assessments to validate ATO and audit readiness
• Partner with project managers, technical leads, and client stakeholders to assess, report, and remediate control gaps

Qualifications:

• 6+ years supporting federal government systems and conducting A&As for ATOs
• Strong experience evaluating system security posture and providing risk-based findings and recommendations
• Demonstrated expertise with:
  • NIST SP 800-53 Rev. 5, 800-37, 800-82 Rev. 3
  • FIPS 199 & 200
  • FISMA, CNSS, FISCAM, GAO Green Book
• Experience helping system owners and stakeholders understand and implement federal security requirements
• Proven ability to assess control design and operational effectiveness
• OT / ICS experience preferred

Client Requirements:

• Bachelor's degree in Computer Science, Information Systems, Engineering, Business, or a related field
• CISA certification

#Dice