Information Security Compliance Manager

Alternate Information Security Compliance Manager

Hiring Department:

Applied Research Laboratories

Purpose

The Alternate Information Security Compliance Manager will help scale ARL:UT's compliance program to accommodate growing and evolving organizational and customer needs. This role provides backup support for the Information Security Compliance Manager and assists the Information System Security Manager in reviewing classified information systems. Collaboration with internal and external stakeholders, including system engineers, administrators, sponsors, and other organizations, is key.

Responsibilities

• Ensuring classified systems adhere to government and ARL regulations while meeting program demands and maintaining an accredited state.
• Assisting with daily IT governance, risk management, and compliance functions.
• Ensuring classified information systems comply with Risk Management Framework (RMF) requirements for National Security computing environments, as defined by NIST 800-Series, DAAG, and JSIG.
• Conducting continuous monitoring reviews and self-assessments of classified information systems and their security controls for government and ARL policy compliance.
• Overseeing compliance assurance for daily information security measures in line with NISPOM, DAAG, JSIG, DISA, and other RMF requirements.
• Assisting in updating and maintaining system-level Plan of Action and Milestones (POA&M) through compliance checks, STIG, SCAP, and Nessus Scanning reviews.
• Drafting detailed reports on compliance and self-inspection outcomes for management review.
• Managing and maintaining a compliance database, including control policy descriptions and compliance status.
• Supervising a small team of Information Security Compliance Analysts.
• Performing other related functions as assigned.

Required Qualifications

• High School Diploma/GED.
• Five years of relevant cybersecurity experience, including compliance assessment and planning through STIG and POA&M processes.
• Two years of experience with RMF, DAAG, NISPOM, JSIG, or equivalent security frameworks.
• Ability to assess security posture by identifying and mitigating vulnerabilities.
• A current Security+ or IAM/IAT II equivalent level certification, or completion upon start date.
• Strong multitasking skills with attention to detail.
• Relevant education and experience may be substituted as appropriate.
• US Citizenship is required.

The selected applicant will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Employment is contingent upon obtaining and maintaining the necessary security clearance.

Preferred Qualifications

• Bachelor's Degree in Computer Science, Cyber Security, or related field.
• Experience as an Auditor, ISSO, ISSE, Security Architect, or Information Security Analyst.
• 5+ years of cybersecurity experience in classified DoD environments.
• Over five years of experience with Linux environments.
• Experience with vulnerability/compliance scanning tools (ACAS/Nessus, Retina, MBSA, SCAP, etc.).
• Experience with STIG/SRG compliance configuration implementation.
• Eligibility for immediate access to classified information.

Key skills/competency

• Information Security Compliance Manager
• Cybersecurity
• Risk Management Framework (RMF)
• NIST 800-Series
• STIG
• POA&M
• Classified Information Systems
• Nessus Scanning
• Compliance Database Management
• Security Auditing