Compliance Specialist

Aquila Technology

Lexington, MA(remote)

JOB DETAILS
SKILLS
Auditing, CISA - Certified Information Systems Auditor, CISSP - Certified Information Systems Security Professional, Cellular Telephone, Code of Federal Regulations, CompTIA Security+, Computer Science, Computer Security, Contract Requirements, Customer Experience, Customer Relations, Customer Support/Service, Defense Federal Acquisition Regulations Supplement (DFARS), Employee Benefits, Federal Acquisition Regulations (FAR), Government Policies, Government Regulations, HIPAA (Health Insurance Portability and Accountability Act), Identify Issues, Information Technology & Information Systems, Information Technology/Systems Audit, Information/Data Security (InfoSec), Insurance Certifications, Internet Security, Laptop PC, Maintain Compliance, Microsoft Excel, Mobile Devices, Network Security, Open Source, Operational Communications, PCI, Policy Development, Presentation/Verbal Skills, Publications, Purchasing/Procurement, Regulatory Compliance, Reimbursement, Research & Development (R&D), Risk, Risk Analysis, Risk Management Framework (RMF), SAP, Secret Clearance, Security Auditing, Security Compliance, Security Monitoring, Stress Testing, System Test, Team Player, Time Management, Tuition Fees, Tuition Reimbursement, U.S. National Institute of Standards and Technology (NIST), United States Citizen, United States Department of Defense (DoD), Work From Home, Writing Skills
LOCATION
Lexington, MA
POSTED
1 day ago

IT Security Risk Auditor

Clearance Level: Must be able to obtain an Active Secret Clearance to be considered. Must be US Citizen

Location: Must be within 100 miles from Lexington, MA

At Aquila Technology, you will see our team’s passion every day, whether we are building a robust, policy-compliant IT system or stress-testing a system to identify gaps and security vulnerabilities. To own the advantage, we ensure our team owns results and gets the work done right the first time by deploying smart, purposeful solutions that work. Aquila is the right people with the right skills driving the right outcomes. We call this the Aquila Advantage.

About the Role:
Aquila Technology is seeking a IT Security Risk Auditor to join its team in support of one of the nation's premier defense research organizations. The teams overall mission is to enable research and development while keeping the organizations community safe and secure through the protection of information, network, facilities and personnel. The IT Security Risk Auditor position performs audits of classified and unclassified Information Systems (IS) to ensure that they are being maintained in a compliant manner and are following applicable laws and government regulations, such as National Industrial Security Program Operation Manual (NISPOM) guidelines regarding the protection of classified information systems, National Institute of Standards and Technology (NIST) standards and special publications, Cybersecurity Maturity Model Certification (CMMC), DCSA Assessment and Authorization Process Manual (DAAPM) and organizational Information System Security Procedures. The candidate must be knowledgeable in fundamental computer security principles and policies: Security Technical Implementation Guides (STIGs), NIST 800-53/Risk Management Framework (RMF), CNSSI 1253, and DOD Manual 5205.07 Volumes 1-4, NIST SP 800-171 and DAAPM 2.0.

The IT Security Risk Auditor will be responsible for maintaining and auditing programs to validate compliance with various government regulations and organizational Information Security policies. The position is responsible for conducting comprehensive assessments of the management, operation, monitoring and technical security controls employed within or inherited by Information Systems to determine the overall effectiveness of the controls (i.e. the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome) with respect to meeting the security requirements of the Authorization to Operate (ATO) or other government regulation or contractual requirement for the system and for the ability to conduct open source and internal research to identify current threat indicators, exploits, and vulnerabilities.

Requirements:

  • Bachelor’s degree in Computer Science, Information Technology, Computer Information Systems, or related field is required with a minimum of seven (7) years’ experience conducting risk assessments.
  • Experience in compliance auditing, security reviews, or vulnerability assessments.
  • Technical experience and skills, course work completed toward a degree, and industry IT certifications (i.e. CISSP, CISA) may be considered substitutes for education and experience.
  • In-depth knowledge of information security principles and policies such as Risk Management Framework (RMF) as presented by the National Institute of Standards and Technology (NIST), NIST SP 800-171 and Security Technical Implementation Guides (STIGs).
  • The ability to read, understand and apply government regulation, policies and procedure such as the National Industrial Security Program Operating Manual (NISPOM), 32 CFR Part 117, FAR/DFARS Safeguarding CUI series (252.204-7012, etc.), computer security principles and policies, to include, Security Technical Implementation Guides (STIGs) and NIST 800-53 / Risk Management Framework (RMF) and NIST SP 800-171.
  • Working experience directly related to Assessment and Authorization using at least one of the following:
  • NIST 800-53/Risk Management Framework (RMF)
  • Joint Special Access Program (SAP) Implementation Guide
  • NIST SP 800-171 Understanding of CMMC Framework
  • National Industrial Security Program Operating Manual (NISPOM) Chapter 8

Preferred:

  • Information Assurance Certifications preferred (CISSP/CISA, Security+, CCP/CCA, or other industry-recognized Certification that validate knowledge in Cybersecurity framework or equivalent).
  • Direct experience with DCSA facility compliance reviews and security audits.

Must Have

  • Degree Level: Bachelor's Degree
  • 7 years Compliance & Auditing
  • 7 years Document audit findings, including non-compliance issues or deviations
  • 7 years Identify potential compliance issues and recommend policy/procedure changes
  • 3 years IT system security compliance (NIST, PCI, HIPPA, CMMC)
  • 7 years Support preparation for audit/review activities
  • 3 years Government Policy/Regulations
  • 3 years STIG Compliance
  • 3 years NISPOM 32 CFR Part 117 experience
  • 3 years NIST 800-171
  • 3 years NIST 800-53
  • 3 years Risk Management Framework (RMF)
  • 7 years MS Suite (Excel, ppt)
  • Strong Verbal and Written Communication
  • Strong Time Management

Nice to Have

  • Certification: Security+ CE, CASP, CISSP, or similar security certification
  • Cybersecurity Maturing Model Compliance (CMMC)

Benefits and Perks:
Aquila team members experience the opportunity to be part of a fast-paced, customer-focused, and technically innovative work environment. Aquila strives to deliver the best of the best in technical services to our customers. Candidates that possess a love for technical challenges, a desire to constantly learn, and the desire to establish themselves as critical players within a team will enjoy calling Aquila Technology home.

Our Perks Include:

PTO - 15 days (vacation/sick) 10 paid holidays - 6 standard (New Year’s, Memorial Day, Independence Day, Labor Day, Thanksgiving, and Christmas) - 4 floating holidays prorated based on your day of hire:

  • 1.5 paid days, or 12 hours, for approved volunteer work
  • 1 week of paid maternity/paternity LOA after 1 year of Full-time employment

Tuition & Training Reimbursement- 5K annually for pre-approved, Eligible full-time team members who have completed a minimum ofsix (6) months of employment may apply for tuition reimbursement for approved, job-related courses taken through an accredited college or university. Team members must achieve a grade of “B” or better to qualify for reimbursement.Aquila will reimburse up to $5,000 per fiscal year for tuition expenses only. Expenses related to training programs, certifications, books, materials, meals, transportation, or other non-tuition costs are not eligible under the Tuition Reimbursement Program. All tuition reimbursement requests must be submitted to and approved by the team member’s Manager prior to course registration. Reimbursement will be issued upon successful course completion and submission of final grades and proof of payment.

401K with Fidelity - Eligible to participate following 90 days of employment. Company match on employee contribution:

  • $1/$1 up to 3%, then .50 cents / $1 for 4th and 5th %s
  • Fully vested from day one
  • Company match does not apply to catch-up contribution

Cell Phone & Internet Reimbursed up to $150 monthly to cover cell phone, data, and home internet expenses. Aquila Technology will reimburse team members who work from home ONLY for cell phone/mobile device fees for work-related communications and/or operations each month. Employees eligible for this benefit must work remote 2 days a week or more to qualify.

Buy Your Own Device (BYOD) - Team members are eligible for reimbursement of up to $1,500 every three (3) years for the purchase of electronic equipment used to access corporate services. To qualify for this benefit, employees must have completed a minimum of six (6) months of employment and must agree to and sign the Device Minimum Configuration Form prior to reimbursement. Electronic devices eligible under the Buy Your Own Device (BYOD) program are limited to cell phones, laptops, and tablets.

Location: This position will be predominantly onsite for the first 3-4 months (probably 4 days/wk onsite). After the initial ramp up period, there may be an opportunity for more remote, 2-3 days/week. Long term, candidate must be comfortable with being onsite at least 2+ days and as needed for the project work. Must be within 100 miles from Lexington, MA

Clearance Level: An interim clearance is sufficient for starting, but the candidate will need to clear up to the Top Secret Level.

Interview Process: Interviews: 2 rounds of zoom interview

We are an Equal Opportunity Employer

About the Company

A

Aquila Technology