Mid GRC Compliance Officer

  • Posted 1 day ago | Updated 4 hours ago

Overview

Remote
Depends on Experience
Contract - W2
Contract - Independent
Contract - 12 Month(s)

Skills

Amazon Web Services
CISM
CISSP
EMC RSA Archer
IBM QRadar
Information Assurance
Information System Security
Leadership
Microsoft Azure
NIST 800-53
KPI
Project Planning
Publishing
RMF
Regulatory Compliance
Reporting
Risk Management Framework
SAP GRC
SOW
SSP
Scrum
Security Clearance
Security Controls
System Security
Trend Micro
XACTA
eMASS

Job Details

Role: Mid GRC Compliance Officer

Location: Remote

Duration: 12+ Months Contract

Statement of Work:

The Information System Security Officer (ISSO) role supports compliance with NIST 800-53 Risk Management Framework (RMF) requirements. The ISSO must communicate effectively with stakeholders, including IT managers and auditors. The ISSO manages, tracks, and reports contractually required security Key Performance Indicators (KPIs) to the customer and reports IT metrics. The ISSO will establish, gather, analyze, and report security metrics, ensure continued security control compliance, and maintain the system's active Authority To Operate (ATO).

Task Description:

This role is expected to have expertise in the NIST RMF process, security controls, system security plan (SSP) development, and publishing of system security artifacts. The lead ISSO monitors daily squad scrums, the daily scrum of scrums, and the semi-weekly update to leadership for required actions. This role provides Information Assurance subject matter expertise and translates security needs into technical solutions.

Required skills/Level of Experience:

  • Conduct NIST Information Assurance Control Assessment - 5 or more years experience
  • NIST Risk Management Framework (RMF) - 5 or more years experience
  • Vulnerability compliance and remediation reporting - 5 or more years experience
  • Maintain System Plan of Action and Milestones (POA&M) - 5 or more years experience
  • Governance, Risk, & Compliance (GRC) Applications (e.g. Xacta, Archer, CSAM or eMASS) - 3 plus years experience
  • Certified in industry-recognized areas such as CISSP, CISM, or CAP

Nice to have skills:

  • Tenable or TrendMicro or QRadar tools and reports - 3 plus Years experience
  • System Development Lifecycle (exposure)
  • Azure or AWS (exposure)
  • Project Planning (exposure)

Clearance Level:

  • Must have Public Trust Clearance.