Summary: The Mid GRC Compliance Officer role focuses on ensuring compliance with NIST 800-53 Risk Management Framework requirements. The position involves managing security metrics, communicating with stakeholders, and providing subject matter expertise in Information Assurance. The officer will also oversee the development of security artifacts and maintain system compliance. This is a remote position for a contract duration of 12+ months.
Key Responsibilities:
- Support compliance with NIST 800-53 Risk Management Framework (RMF) requirements.
- Communicate effectively with stakeholders, including IT managers and auditors.
- Manage, track, and report security Key Performance Indicators (KPIs) and IT metrics.
- Establish, gather, analyze, and report security metrics to ensure compliance.
- Maintain active system Authority To Operate (ATO).
- Monitor daily squad scrums and provide updates to leadership.
- Translate security needs into technical solutions.
Key Skills:
- 5 or more years of experience in NIST Information Assurance Control Assessment.
- 5 or more years of experience in NIST Risk Management Framework (RMF).
- 5 or more years of experience in vulnerability compliance and remediation reporting.
- 5 or more years of experience in maintaining System Plan of Action and Milestones (POA&M).
- 3 plus years of experience with Governance, Risk, & Compliance (GRC) Applications (e.g. Xacta, Archer, CSAM or eMASS).
- Certification in an industry-recognized area such as CISSP, CISM, or CAP.
Salary (Rate): undetermined
City: undetermined
Country: USA
Working Arrangements: remote
IR35 Status: outside IR35
Seniority Level: undetermined
Industry: Other
Role: Mid GRC Compliance Officer
Location: Remote
Duration: 12+ Months Contract
Statement of Work:
The Information System Security Officer (ISSO) role supports compliance with NIST 800-53 Risk Management Framework (RMF) requirements. The ISSO must communicate effectively with stakeholders, including IT managers and auditors. The ISSO manages, tracks, and reports the contractually required security Key Performance Indicators (KPIs) to the customer and reports IT metrics. The ISSO will establish, gather, analyze, and report security metrics, ensure continued security control compliance, and maintain an active system Authority To Operate (ATO).
Task Description:
This role is expected to have expertise in the NIST RMF process, security controls, System Security Plan (SSP) development, and the publishing of system security artifacts. The lead ISSO monitors daily squad scrums and the daily scrum of scrums, and provides semi-weekly updates to leadership on actions required. This role provides Information Assurance subject matter expertise and translates security needs into technical solutions.
Required skills/Level of Experience:
- Conducting NIST Information Assurance Control Assessments: 5 or more years' experience
- NIST Risk Management Framework (RMF): 5 or more years' experience
- Vulnerability compliance and remediation reporting: 5 or more years' experience
- Maintaining System Plan of Action and Milestones (POA&M): 5 or more years' experience
- Governance, Risk, & Compliance (GRC) applications (e.g. Xacta, Archer, CSAM, or eMASS): 3 or more years' experience
- Certified in an industry-recognized area such as CISSP, CISM, or CAP
Nice to have skills:
- Tenable, TrendMicro, or QRadar tools and reports: 3 or more years' experience
- System Development Lifecycle (exposure)
- Azure or AWS (exposure)
- Project Planning (exposure)
Clearance Level:
- Must have Public Trust Clearance.