IT Security Compliance Specialist (0036)
OCT Consulting, LLC is an SBA-certified, 8(a) small business management and technology consulting firm that provides support to Federal Government clients. We provide consulting services in the areas of Strategy, Process Improvement, Change Management, Program and Project Management, Acquisition/Procurement, and Information Technology.
OCT is currently looking for an IT Security Compliance Specialist. This is a hybrid position requiring at least 3 days per week onsite in Suitland, MD.
The ideal candidate will be proficient in key areas of security such as: Vulnerability Management, Intrusion Prevention and
Detection, Access Control and Authorization, Policy Enforcement, Application Security, Protocol
Analysis, Firewall Management, Incident Response, Data Loss Prevention (DLP), Encryption, Two-Factor
Authentication, Web filtering, and Advanced Threat Protection.
Responsibilities will include, but are not limited to:
-
Analyze management and technical controls to ensure that specific security and compliance requirements are met through the verification of documented processes, procedures, and standards in order to validate the maintenance of secure configurations.
-
Map requirements and regulatory requirements across the Risk Management Framework (RMF) information security framework to identify overlapping requirements and compliance efficiencies.
-
Track enterprise compliance across multiple security frameworks including Service Organization Control Type 2 (SOC 2), National Institute of Standards and Technology (NIST), and Federal Information Security Management Act (FISMA) and maintain up-to-date records of requirements and corresponding mitigating controls.
-
Monitor third-party risk assessments and assist in performing internal risk assessments.
-
Collaborate on critical IT projects to ensure that security policy/risk issues are addressed throughout the project life cycle.
- Monitor change management process to ensure compliance.
- Develop key performance metrics to track and ensure compliance with established policies and standards.
- Support the development of security processes and procedures and support service-level agreements to ensure that security controls are managed and maintained.
-
Participate in the development of security and privacy awareness training in conjunction with other members of the Security Compliance group.
Requirements
Requirements:
- 7+ years experience with A&A support.
-
Proficient in all steps in the NIST RMF framework
-
Knowledgeable in NIST special publications such as 800-53 & 800-53A
- Bachelor's degree or equivalent experience.
- Must have at least one of the following certifications: CAP, GIAC, GSLC, CISM, CRISC, CISSP, or CASP
- Must be a US Citizen.
- Must be able to obtain and maintain a Public Trust Clearance (the investigation will involve a credit, fingerprint, and law enforcement agency check).
Benefits
Benefits
The position includes competitive compensation and a full suite of benefits:
- Medical, Dental, and Vision insurance
- Retirement savings 401K plan provided by an industry-leading provider with 3% employer contributions.
- Paid Time Off
- Life Insurance, Short- and Long-Term Disability benefits
- Training Benefits
Salary: $100,000-125,000 to commensurate with experience, education, etc.
About OCT Consulting
OCT Consulting LLC is a certified SBA 8(a), minority-owned, small, disadvantaged business providing professional services and Information technology solutions to the federal government and commercial clients. Founded in 2013, we bring the advantage of agility in operations led by a management team with a track record of leading successful engagements at major federal government agencies.
OCT was founded on the balanced business principles of structure with agility; innovation with purpose; and effort with value. We have created a collaborative, fulfilling, inspiring, and transparent environment that values diverse perspectives. We continually challenge ourselves to find new and better ways to do what we do, looking outward to build on industry best practices and emerging tools while creating space for all ideas. Join our team. Bring your ideas to our important work.