LCG, Inc. · 1 day ago
Lead Compliance Specialist
LCG, Inc. is a company specializing in cybersecurity compliance, and they are seeking a Lead Compliance Specialist to provide senior-level leadership for cybersecurity compliance activities. The role involves leading Security Assessment & Authorization (SA&A) activities and ensuring ongoing FISMA compliance across information systems while supporting federal privacy compliance activities.
Health Care · Information Technology
Responsibilities
Lead RMF-based SA&A Execution (ATO / Reauthorization / Assessment Cycles)
Lead SA&A workload planning and execution for new and existing systems requiring authorization activities, including scheduling, coordination, and workload management
Provide security expertise to ensure consistent application of SA&A processes across all SAMHSA systems and verify compliance with FISMA, NIST, HHS, and SAMHSA standards
Identify system data types (FIPS 199) and define/validate authorization boundaries prior to assessments
Control Selection, Tailoring, and Artifact Development/Quality
Assist system owners/stakeholders with security and privacy control selection and tailoring based on system architecture, and ensure controls are implemented and reflected in current documentation
Develop and execute FISMA assessment test plans (initial and reassessments) and drive assessment readiness within required timelines
Gather, examine, and analyze evidence/artifacts for control assessment and remediation verification; determine risk/severity and ensure results are recorded in the agency repository
Prepare and/or revise SA&A packages within required timelines following assessment completion, ensuring alignment with federal and agency requirements
Review/revise SA&A documentation for consistency across interrelated package components (e.g., SSP/SAP/SAR and supporting artifacts), including required revisions and standardization improvements
Stakeholder Briefings, Corrective Actions, and Findings Closure
Brief system owners/stakeholders, the CISO, and the Authorizing Official; provide risk-based recommendations and corrective action guidance for non-compliant controls
Document assessment activities and results in sufficient detail to support external review; support government FISMA team reviews of assessment reports and conclusions
Continuous Monitoring / Ongoing Authorization Support
Support implementation and execution of a NIST SP 800-137 continuous monitoring process, including periodic control assessments and evaluation of significant changes
Conduct security and privacy impact analyses related to changes that affect an information system’s ATO and support transition to Ongoing Authorization
Compliance Scanning, POA&M Governance, and Remediation Validation
Coordinate enterprise-wide compliance/vulnerability testing and scanning; track results in the HHS GRC tool and prepare monthly reports
Manage and validate remediation activities in alignment with HHS POA&M policy, including evidence review from third-party vendors as required
FISMA Reporting + Data Calls / Audit Evidence Packages
Support compilation of monthly/quarterly/annual FISMA reporting and maintain system inventories and POA&Ms in RSA Archer (or successor GRC tool)
Determine, gather, analyze, and quality-review evidence for HHS/internal/external audits and data calls (e.g., GAO/OIG), and brief the CISO ahead of suspense dates
Privacy Compliance Support (PIA / SORN / Privacy Act Processes)
Support the SAOP by maintaining privacy program alignment, tracking systems with PII, and managing requirements for PIAs and SORNs (including updates and public posting requirements)
Develop Privacy Threshold Analysis/PIA within required timelines and support SORN lifecycle processes (creation/decommission; Federal Register publication tracking)
Qualifications
Required
Bachelor's degree (or related undergraduate degree) consistent with compliance/security roles supporting federal SA&A and policy requirements
CISSP or CAP or Security+ certification
Minimum 5 years of cybersecurity experience with a solid understanding of FISMA, NIST, and federal privacy laws (e.g., Privacy Act of 1974, HIPAA, etc.)
Demonstrated experience leading or coordinating RMF SA&A activities end-to-end, including workload planning, control selection/tailoring, assessment test planning/execution, artifact quality control, and findings remediation closure
Experience supporting privacy compliance deliverables (PIA/SORN tracking, Privacy Act clearance support, public posting requirements)
Extensive experience with federal cybersecurity and privacy requirements and leading SA&A activities using NIST RMF in compliance with FISMA
Strong working knowledge of FIPS 199, control implementation evidence, and maintaining assessment-ready documentation to support external review
Ability to develop/execute assessment plans, analyze artifacts, assign risk/severity, and provide actionable remediation guidance to stakeholders
Familiarity with federal privacy laws and processes (e.g., Privacy Act and related requirements) and PIA/SORN workflows
RSA Archer (or successor GRC tool) for system inventory, POA&Ms, and compliance tracking
SA&A/RMF artifacts and evidence management including (as applicable): SSP, SAP, SAR, POA&M, assessment evidence, remediation validation packages
Vulnerability/compliance scan reporting inputs and remediation coordination outputs (monthly scanning/reporting expectation)
Preferred
Baltimore Cyber Range (BCR) Cybersecurity Technical Proficiency
Benefits
Medical, dental, and vision insurance
Life and disability insurance
Retirement plan contributions
Paid leave
Federal holidays
Professional development opportunities
Lifestyle benefits
Company
LCG, Inc.
LCG is an information technology company specializing in scientific research support, grants management, and health IT services.