Compliance Specialist

Lexington, MA, US • Posted 4 hours ago • Updated 4 hours ago
Contract W2
3 Years
Travel Required
On-site
Depends on Experience
Fitment

Dice Job Match Score™

📊 Calculating match score...

Job Details

Skills

  • Compliance
  • Auditing
  • NIST
  • PCI
  • HIPPA
  • CMMC
  • STIG Compliance
  • NISPOM 32 CFR Part 117
  • NIST 800-171
  • NIST 800-53
  • Risk Management Framework

Summary

Compliance Specialist

Must Have

Admin

  • Compliance & Auditing – 7 years

Degree Level

  • Bachelor''s Degree – Yes

Experience

  • Document audit findings, including non-compliance issues or deviations – 7 years
  • Identify potential compliance issues and recommend policy/procedure changes – 7 years
  • IT system security compliance (NIST, PCI, HIPPA, CMMC) – 3 years
  • Support preparation for audit/review activities – 7 years

Government Policy/Regulations

  • STIG Compliance – 3 years

Security

  • NISPOM 32 CFR Part 117 experience – 3 years
  • NIST 800-171 – 3 years
  • NIST 800-53 – 3 years
  • Risk Management Framework (RMF) – 3 years

Soft Skills

  • Strong Verbal and Written Communication – Yes
  • Time Management – Yes

Software

  • MS Suite (Excel, ppt) – 7 years

Nice to Have

Certification

  • Security+ CE, CASP, CISSP, or similar security certification – Yes

Security

  • Cybersecurity Maturing Model Compliance (CMMC) – 0 years

Background/Need

The Security Services Department’s (SSD) overall mission is to enable research and development while keeping the Lincoln Laboratory community safe and secure through the protection of information, network, facilities and personnel.


Virtual/Work from Home

  • Hybrid

Other Information Relevant to the Job Requirement

The IT Security Risk Auditor position performs audits of classified and unclassified Information Systems (IS) to ensure that they are being maintained in a compliant manner and are following applicable laws and government regulations, such as National Industrial Security Program Operation Manual (NISPOM) guidelines regarding the protection of classified information systems, National Institute of Standards and Technology (NIST) standards and special publications, Cybersecurity Maturity Model Certification (CMMC), DCSA Assessment and Authorization Process Manual (DAAPM) and Laboratory Information System Security Procedures.

The candidate must be knowledgeable in fundamental computer security principles and policies: Security Technical Implementation Guides (STIGs), NIST 800-53/Risk Management Framework (RMF), CNSSI 1253, and DOD Manual 5205.07 Volumes 1-4, NIST SP 800-171 and DAAPM 2.0.

Responsible for maintaining and auditing programs to validate compliance with various government regulations and Laboratory Information Security policies. The position is responsible for conducting comprehensive assessments of the management, operation, monitoring and technical security controls employed within or inherited by Information Systems to determine the overall effectiveness of the controls (i.e. the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome) with respect to meeting the security requirements of the Authorization to Operate (ATO) or other government regulation or contractual requirement for the system and for the ability to conduct open source and internal research to identify current threat indicators, exploits, and vulnerabilities.

Requirements

  • Bachelor’s degree in Computer Science, Information Technology, Computer Information Systems, or related field is required with a minimum of seven (7) years’ experience conducting risk assessments.
  • Experience in compliance auditing, security reviews, or vulnerability assessments.
  • Technical experience and skills, course work completed toward a degree, and industry IT certifications (i.e. CISSP, CISA) may be considered substitutes for education and experience.
  • In-depth knowledge of information security principles and policies such as Risk Management Framework (RMF) as presented by the National Institute of Standards and Technology (NIST), NIST SP 800-171 and Security Technical Implementation Guides (STIGs).
  • The ability to read, understand and apply government regulation, policies and procedure such as the National Industrial Security Program Operating Manual (NISPOM), 32 CFR Part 117, FAR/DFARS Safeguarding CUI series , etc.), computer security principles and policies, to include, Security Technical Implementation Guides (STIGs) and NIST 800-53 / Risk Management Framework (RMF) and NIST SP 800-171.
  • Working experience directly related to Assessment and Authorization using at least one of the following:
    • NIST 800-53/Risk Management Framework (RMF)
    • Joint Special Access Program (SAP) Implementation Guide
    • NIST SP 800-171 Understanding of CMMC Framework
    • National Industrial Security Program Operating Manual (NISPOM) Chapter 8

Preferred

  • Information Assurance Certifications preferred (CISSP/CISA, Security+, CCP/CCA, or other industry-recognized Certification that validate knowledge in Cybersecurity framework or equivalent).
  • Direct experience with DCSA facility compliance reviews and security audits.

Additional Details

  • This position will be predominantly onsite for the first 3–4 months (probably 4 days/week onsite).
  • After the initial ramp-up period, there may be an opportunity for more remote work, 2–3 days/week.
  • Long term, candidate must be comfortable with being onsite at least 2+ days and as needed for the project work.
  • Interim clearance sufficient for start; but candidate will need to clear up to the Top-Secret Level.
  • Interviews: 2 rounds of Zoom interview.

 

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
  • Dice Id: EMCON
  • Position Id: 2043
  • Posted 4 hours ago
Contact the job poster
SD

Shruti Dalal

Recruiter @ Minuteman Group, Inc
Create job alert
Set job alertNever miss an opportunity! Create an alert based on the job you applied for.

Similar Jobs

Natick, Massachusetts

Today

Full-time

USD 118,400.00 - 183,600.00 per year

Boston, Massachusetts

Today

Full-time

USD 87,000.00 - 109,000.00 per year

Remote

Today

Easy Apply

Contract

Depends on Experience

Remote

Today

Easy Apply

Contract

Depends on Experience

Search all similar jobs