Cyber Compliance Analyst
Northern VA

Tiber Creek Consulting, Inc. is seeking an experienced Cybersecurity Compliance Analyst. IT and/or cybersecurity compliance experience is required, as you will serve as an information security subject matter expert (SME) on our growing cybersecurity operations team in Northern VA / Telework. You will support commercial clients in navigating the complexities of cybersecurity compliance. Your work will include executing full Security Assessments; evaluating risks; implementing and managing information security compliance documentation (e.g., policies, procedures, SSPs, POA&Ms); providing technical and security control guidance and strategies; managing a vulnerability management process; proposing recommendations on remediation solutions; providing oversight and guidance related to cybersecurity compliance; proposing intuitive ways to solve complex cybersecurity compliance challenges; navigating the Plan of Action and Milestones (POA&M) process; maintaining communication with client stakeholders; establishing and performing continuous monitoring strategies and solutions; managing cybersecurity compliance project plans; and testing system technical security configuration settings and developing reports.

The successful candidate demonstrates subject matter expertise in security controls, NIST 800-171 and CMMC; leverages knowledge of Plan of Action and Milestones (POA&M) management and continuous monitoring objectives; provides guidance on system technical security configurations and solutions to meet compliance requirements; reviews various system scan results for compliance with industry standards; and assists with developing and reviewing compliance reports that clearly identify security findings and proposed remediation strategies. Your ability to multi-task and support a cross-matrixed team efficiently by working through many client projects and supporting internal team functions, as well as your experience solving complex information security challenges and proposing strategic and pragmatic approaches to the team and clients, make you a great fit for this position.

We offer generous medical, dental, and disability insurance benefits, flexible spending, 401(k), ample vacation/leave time, training/skill building opportunities and a great work environment.


Apply To: https://tibercreek.com/careers/apply/
Education: Associate's and/or Bachelor's degree in a related IT or cybersecurity field preferred.
Certifications: Required - Security+. Preferred - CISA, CASP, CAP, or CISSP.
Experience: A minimum of 2 years' related work experience in IT and/or cybersecurity compliance is required to be considered for this position.
Clearance: Candidates must be US citizens who are clearable for a DoD Secret clearance, due to contract requirements.
Related Experience Should Include:
  • Understanding of information security related processes, frameworks, standards, and regulations and working with software and system engineers.
  • Experience with compliance frameworks such as NIST SP800-171 and Cybersecurity Maturity Model Certification (CMMC).
  • Security system analysis skills and understanding of Cyber and IT security risks, threats and prevention measures.
  • Background in IT related positions and technical skills of modern enterprise IT systems.
  • Documenting cybersecurity compliance artifacts, including but not limited to System Security Plans (SSP); Ports, Protocols, Services; Remediation Consolidation Plans (RCP); Plan of Action and Milestones (POA&M); Information System Contingency Plan (ISCP); Incident Response Plan (IRP); Continuous Monitoring Strategies/Plans; Information System Vulnerability Management (ISVM); etc.
  • Proposing and providing guidance in compliant technologies, architectures, and solutions.
  • Experience with cloud security approaches and cloud architectures. Preferred experience with Microsoft Office 365.
  • Experience with cybersecurity and/or enterprise IT management tools, solutions and content is preferred, such as SCAP/STIG, CIS Benchmarks, Nessus/Tenable, SIEM, Active Directory, MFA, SSO, Endpoint Protection, EDR, etc.
  • Knowledge of cybersecurity/IA solutions and architectures such as PKI, VPN, Enterprise Firewalls, IPS, IDS, SCAP, STIG, Nessus, ACAS, SIEM, HIDS, NIDS, MFA, EDR, FIM, CMDB, Vulnerability Scanners, AV solutions, data at rest encryption solutions, data in transit encryption solutions, penetration testing tools, etc.
  • Understanding of networking and network security, cloud security, and network monitoring solutions/approaches.
  • Experience in writing and designing information security policies, procedures, standards, guides, plans, etc.
Job Duties:
  • Generate and design a variety of documentation and navigate associated processes, such as System Security Plans (SSP), Plan of Action and Milestones (POA&M), Information System Vulnerability Management (ISVM), Continuous Monitoring Strategies, Security Operation Center (SOC) strategies, Information System Contingency Plans (ISCP), Incident Response Plans (IRP), Configuration Management Processes, etc.
  • Support Incident Response (IR) actions and reporting.
  • Write/develop security and risk reports and related documentation.
  • Consult clients on various mitigation and remediation solutions/methods.
  • Navigate and manage compliance audits and assessments.
  • Provide Subject Matter Expertise (SME) input to System Engineers, IT engineers, Project Managers, Software Engineers, and business teams to implement compliant configurations, policies, processes and solutions, including methods to implement NIST SP800-171 and CMMC compliant strategies/solutions for cloud systems and on-premises systems.
  • Perform information system-wide risk analysis and vulnerability assessment and management.
  • Provide SME support for automating cybersecurity operations via technology solutions and strategies.
Minimum Qualifiers:
  • Unable to work with third-party candidates or agencies.
  • Must be local to the Northern Virginia area.
  • Must be US citizen clearable for a DoD Secret clearance, due to contract requirements.

Interested in Joining Our Team?