Compliance Specialist / Cloud ISSO

About The Position

Requirements

• 5+ years’ experience as a Cloud Information Security Officer or similar role, with a strong background in cloud security and infrastructure
• Deep understanding of cloud platforms, such as AWS, Azure, and Google Cloud, and experience in implementing federal security controls within these environments
• Knowledge of regulatory requirements and industry standards related to cloud security
• Strong analytical and problem-solving skills, with the ability to assess and address security risks effectively
• Excellent communication skills to interact with technical and non-technical stakeholders
• Ability to work independently and collaboratively in a fast-paced, evolving environment
• Understanding of cloud and cloud security concepts
• Experience with FedRAMP authorizations
• Experience with Enterprise Architecture
• Understanding of Cloud architectures and environments and control selection available to be inherited from a parent/child system relationships
• Understanding of Cloud provided architectures and tools within the (AWS, Azure, AWS, and IBM framework)
• Understanding of FISMA requirements
• Understanding of the NIST Risk Management Framework
• Familiarity with the NIST security control catalog
• Experience supporting Federal Government High to Moderate Systems
• Understanding of the NIST Cybersecurity Framework
• Ability to provide technical expertise to assist Stakeholders to implement security enterprise tools required by the agency and parent agencies
• Must be organized, timely, and customer-service oriented
• Proficient in time management
• Ability to work well independently and in a team setting
• Adaptability, flexibility and ability to deal with ambiguity and change
• Excellent oral and written communication and customer service skills
• Excellent analytical skills and attention to detail
• At least one: CCSP CISM CISSP-ISSEP CCSK CompTIA Cloud+

Responsibilities

• Provide outstanding FISMA Compliance Support and ensure appropriate steps are taken to implement security requirements within the agency’s FISMA systems throughout their life cycle using NIST-based security model (Risk Management Framework (RMF)
• Provide advisory and consulting support to the key stakeholders (System Owners, and ISSO) on security recommendation and /or improvement
• Assist in implementing the FISMA Compliance program including managing systems security authorizations for all of the agency’s cloud IT systems serving as the Information Systems Security Officer (ISSO)
• Develop and implement comprehensive cloud security strategies, policies, and procedures to protect the organization’s cloud-based information systems
• Collaborate with cross-functional teams to assess security requirements, design security controls, and ensure secure cloud infrastructure deployment
• Monitor and analyze cloud security incidents, vulnerabilities, and respond promptly to mitigate risks
• Conduct and participate in regular security assessments of cloud environments to identify potential weaknesses and recommend improvements to stakeholders
• Stay up-to-date with the latest industry trends, emerging threats, and best practices in cloud security to continuously enhance the organization’s security posture
• Collaborate with stakeholders to ensure compliance with current regulations and standards (e.g., FISMA, NIST, FedRAMP)
• Provide expert guidance on security architecture and design for cloud-based applications
• Evaluate and provide technical recommendations on approaches and techniques to the Cloud implementation teams
• Assist customers with information on emerging cloud and innovative technologies on how they can be adopted within the framework of a cloud topology
• Support the development of a security focused cloud architectural strategy and framework that maps cloud service offerings and provides critical technical feedback and recommendations on areas of improvements for child systems to inherit
• Support Cloud Provisioning, Orchestration, and FISMA compliance for the different cloud services; Azure, AWS, and IBM
• Hands-on cloud based cyber security monitoring tools experience, conduct and evaluate/analyze vulnerability results from the following set of tools to include but not limited to Tenable.sc, Nessus, BigFix, Arcsight, and WebInspect
• Ability to manage and identify vulnerabilities, risks, and recommend needed protection as it relates to information systems
• Oversees and support all Assessment & Authorization (A&A) activities to include reviewing team work products/deliverables for consistency and completeness
• Ensure IT systems have appropriate baseline security controls in place and functioning properly in accordance with NIST 800-53A publication
• Ability to provide IT security guidance and recommendation in all aspects of security
• Ability to evaluate compliance of various information system core documents such as the SSP, BIA, CP, CPTR, PTA/PIA, FIPS 199/200 and other relevant security documents (Network Diagrams)
• Maintain mechanisms to manage and track corrective actions activities (POA&Ms) through development of artifacts and security documentation and ensure timely closure of Plan of Action and Milestones (POA&Ms)
• Respond to IT security requests for information, data calls, & metrics
• Participate in formal and in-formal management planning meetings; constantly briefing both technical and non-technical stakeholder of system security statuses
• Ability to Identify, Report, and Resolve security violations
• Recommend technical solutions and provide input to policy development
• Support working groups on specific projects

Benefits

• Joining the Alpha Omega team entitles you to participate in all retirement benefits, plans of deferred compensation, health and insurance benefits, and other such benefits as set forth in the company’s policy and benefits manuals.
• PTO including paid parental, military, and bereavement leave
• Eleven (11) paid Federal holidays, five of which are floating holidays (as designated by the company’s holiday schedule each year)
• Health and Dental Insurance (including 100% employer paid premiums for employee coverage under the HDHP health plan)
• Life Insurance, STD/LTD term disability coverage, with employer paid premiums
• 401 (k) plan with a match that is 100% vested after you complete two years of service
• FSA/DFSA/HSA flexible benefit plans
• Annual Tuition & Professional Development Reimbursement benefit