Compliance Specialist / Cloud ISSO

About the position Alpha Omega is seeking a qualified Compliance Specialist / Cloud ISSO for a hybrid position on a Federal program. Key Responsibilities: Candidate will provide outstanding FISMA Compliance Support and ensure appropriate steps are taken to implement security requirements within the agency’s FISMA systems throughout their life cycle using NIST-based security model (Risk Management Framework (RMF). Candidates will also provide advisory and consulting support to the key stakeholders (System Owners, and ISSO) on security recommendation and /or improvement. Candidates must have a thorough understanding of cloud architectures including emerging cloud and innovative technologies and providing security in a cloud-based environment. Candidate must have a thorough understanding of the NIST publications with emphasis on current versions of SP 800-37, 800-53, 800-53A, FIPS 199, FIPS 200, President’s Executive Orders, DHS Binding Operational Directive (BOD), and Office of Management and Budget Memorandums (OMB). As well as experience in preparing and assessing documents such as; System Security Plans (SSPs), Contingency Plans (CPs), Business Impact Analysis (BIA), Risk Assessment Reports (RARs), Configuration Management Plan (CMP), Privacy Threshold Analysis (PTA)/Privacy Impact Analysis (PIA), and Plan of Action & Milestones (POA&M). The candidate must possess effective interpersonal and professional communication skills as he/she operates in a client-facing role.

Responsibilities

• Assist in implementing the FISMA Compliance program including managing

systems security authorizations for all of the agency’s cloud IT systems serving as the Information Systems Security Officer (ISSO).

• Develop and implement comprehensive cloud security strategies, policies, and

procedures to protect the organization’s cloud-based information systems.

• Collaborate with cross-functional teams to assess security requirements,

design security controls, and ensure secure cloud infrastructure deployment.

• Monitor and analyze cloud security incidents, vulnerabilities, and respond

promptly to mitigate risks.

• Conduct and participate in regular security assessments of cloud environments

to identify potential weaknesses and recommend improvements to stakeholders.

• Stay up-to-date with the latest industry trends, emerging threats, and best

practices in cloud security to continuously enhance the organization’s security posture.

• Collaborate with stakeholders to ensure compliance with current regulations

and standards (e.g., FISMA, NIST, FedRAMP).

• Provide expert guidance on security architecture and design for cloud-based

applications.

• Evaluate and provide technical recommendations on approaches and techniques

to the Cloud implementation teams.

• Assist customers with information on emerging cloud and innovative

technologies on how they can be adopted within the framework of a cloud topology.

• Support the development of a security focused cloud architectural strategy

and framework that maps cloud service offerings and provides critical technical feedback and recommendations on areas of improvements for child systems to inherit.

• Support Cloud Provisioning, Orchestration, and FISMA compliance for the

different cloud services; Azure, AWS, and IBM.

• Hands-on cloud based cyber security monitoring tools experience, conduct and

evaluate/analyze vulnerability results from the following set of tools to include but not limited to Tenable.sc, Nessus, BigFix, Arcsight, and WebInspect.

• Ability to manage and identify vulnerabilities, risks, and recommend needed

protection as it relates to information systems.

• Oversees and support all Assessment & Authorization (A&A) activities to

include reviewing team work products/deliverables for consistency and completeness

• Ensure IT systems have appropriate baseline security controls in place and

functioning properly in accordance with NIST 800-53A publication.

• Ability to provide IT security guidance and recommendation in all aspects of

security.

• Ability to evaluate compliance of various information system core documents

such as the SSP, BIA, CP, CPTR, PTA/PIA, FIPS 199/200 and other relevant security documents (Network Diagrams).

• Maintain mechanisms to manage and track corrective actions activities

(POA&Ms) through development of artifacts and security documentation and ensure timely closure of Plan of Action and Milestones (POA&Ms).

• Respond to IT security requests for information, data calls, & metrics.
• Participate in formal and in-formal management planning meetings; constantly

briefing both technical and non-technical stakeholder of system security statuses.

• Ability to Identify, Report, and Resolve security violations.
• Recommend technical solutions and provide input to policy development
• Support working groups on specific projects

Requirements

• 5+ years’ experience as a Cloud Information Security Officer or similar role, with a strong background in cloud security and infrastructure.
• Deep understanding of cloud platforms, such as AWS, Azure, and Google Cloud, and experience in implementing federal security controls within these environments.
• Knowledge of regulatory requirements and industry standards related to cloud security.
• Strong analytical and problem-solving skills, with the ability to assess and address security risks effectively.
• Excellent communication skills to interact with technical and non-technical stakeholders.
• Ability to work independently and collaboratively in a fast-paced, evolving environment.
• Understanding of cloud and cloud security concepts
• Experience with FedRAMP authorizations
• Experience with Enterprise Architecture
• Understanding of Cloud architectures and environments and control selection available to be inherited from a parent/child system relationships.
• Understanding of Cloud provided architectures and tools within the (AWS, Azure, AWS, and IBM framework).
• Understanding of FISMA requirements
• Understanding of the NIST Risk Management Framework
• Familiarity with the NIST security control catalog
• Experience supporting Federal Government High to Moderate Systems
• Understanding of the NIST Cybersecurity Framework
• Ability to provide technical expertise to assist Stakeholders to implement security enterprise tools required by the agency and parent agencies
• Must be organized, timely, and customer-service oriented
• Proficient in time management
• Ability to work well independently and in a team setting
• Adaptability, flexibility and ability to deal with ambiguity and change
• Excellent oral and written communication and customer service skills
• Excellent analytical skills and attention to detail

Benefits

• PTO including paid parental, military, and bereavement leave
• Eleven (11) paid Federal holidays, five of which are floating holidays

(as designated by the company’s holiday schedule each year)

• Health and Dental Insurance (including 100% employer paid premiums for

employee coverage under the HDHP health plan)

• Life Insurance, STD/LTD term disability coverage, with employer paid

premiums

• 401 (k) plan with a match that is 100% vested after you complete two years of

service

• FSA/DFSA/HSA flexible benefit plans
• Annual Tuition & Professional Development Reimbursement benefit

Apply tot his job Apply To this Job