ASRC Federal is seeking a Senior Cyber Security Compliance Analyst to serve as a subject matter expert in our Cyber Security team. This role reports to the Chief Information Security Office.
This is a remote position.
Key Role:
Support the cybersecurity compliance for all of ASRC Federal. Provide Cyber Compliance expertise regarding all security/compliance information technology issues across the enterprise. This includes providing objective assessments of all company compliance with security standards, contract requirements, legislative requirements, and internal risk management objectives. Collaborate with other departments to resolve compliance issues, gain consensus on proposed solutions, and direct a coordinated response. Consult with the Legal department, IT department, contract management officials, contract program managers, and others as needed to resolve compliance issues.
Essential Duties and Responsibilities:
Manage, facilitate, and improve a risk and compliance program for ASRC Federal ensuring controls are properly designed, implemented, and executed.
Specifically, a Compliance program must be maintained that supports CMMC, ISO27001, and NIST 800-171.
Collect an inventory of all information assets (applications, data, and all supporting services and infrastructure), analyzing threats and vulnerabilities to determine inherent risk to information assets.
Develop and implement compliance monitoring tools/methodologies to manage corporate security risk and ensure that compliance obligations are met.
Review the outputs from security and compliance monitoring to identify deviations from policy; communicate issues/vulnerabilities to appropriate management and IT teams in order to drive remediation tasks and monitor those tasks for completion and validation.
Develop and manage enterprise vulnerability analysis and scoring capability based on asset risk.
Evaluate proposed changes to the environment to ensure they do not impact security compliance and make recommendations on risk, impact and supportability.
Participate in the Security Working Group (SWG) providing input regarding compliance metrics and reporting.
Collaborate and build relationships with ASRC Federal business divisions to win support for compliance initiatives and programs.
Work with ASRC Business divisions to ensure that IT Security Compliance is built into their respective SDLC processes. This includes application development and engineering / architecture development activities.
Manage, prepare and coordinate delivery and compliance reporting of security awareness training to all users of ASRC Federal information technology resources.
Review contracts to ensure that security compliance obligations are met on an ongoing basis.
Requirements:
Basic Qualifications:
10 years or more experience working in Cybersecurity and/or compliance.
Proven experience in operating IT systems in accordance with federal government information security standards and regulations, especially NIST/FISMA.
Experience supporting compliance for a federal contractor and developing a compliance program that implements the requirements of NIST SP 800-171 r2 and CMMC 2.0.
Experience implementing ISO27001.
Proven experience developing and submitting audit and compliance reports to executive management, legal entities, and/or external authorities.
Experience in planning, organizing, and developing information technology policies, procedures, and practices.
Demonstrated ability to apply IT in solving security/compliance issues.
Understanding of computer systems and integration capabilities.
Experience in cyber security systems engineering and architecture design, development, and implementation.
US Citizenship is required due to support of security requirements.
Preferred Skills:
Security Certifications such as CISSP, CISA, or CISM
CMMC Registered Practitioner Certification
ASRC Federal and its Subsidiaries are Equal Opportunity / Affirmative Action employers. All qualified applicants will receive consideration for employment without regard to race, gender, color, age, sexual orientation, gender identification, national origin, religion, marital status, ancestry, citizenship, disability, protected veteran status, or any other factor prohibited by applicable law.