Acquisitions Management, Analysis Skills, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Change Management, Computer Security, Consulting, Customer Support/Service, Data Analysis, Dental Insurance, FISMA - Federal Information Security Management Act, Federal Government, GIAC - Global Information Assurance Certification, GSLC - GIAC Security Leadership Certificate, IT Procurement, Information Technology & Information Systems, Information/Data Security (InfoSec), Internet Security, Law Enforcement, Maintain Compliance, Management Consulting, Operations Management, Performance Metrics, Policy Development, Privacy Controls, Problem Solving Skills, Professional Services, Project Lifecycle, Project/Program Management, Publications, Regulatory Compliance, Regulatory Requirements, Risk, Risk Analysis, Risk Management Framework (RMF), Security Compliance, Security Policy, Service Level Agreement (SLA), Small Business, U.S. National Institute of Standards and Technology (NIST), United States Citizen, Vision Plan
Associate / IT Security Compliance Specialist (0036)
OCT Consulting is a management and technology consulting firm that supports Federal Government clients. We provide consulting services in the areas of Data Analytics, Change Management, Program and Project Management, Acquisition/Procurement, and Information Technology.
OCT is currently looking for an Associate to join our growing Cybersecurity practice. This position will primarily support a federal client as an IT Security Compliance Specialist, which is a hybrid position requiring at least 3 days per week onsite in Suitland, MD. The ideal candidate will be proficient in key areas of security such as: Vulnerability Management, Intrusion Prevention and Detection, Access Control and Authorization, Policy Enforcement, Application Security, Protocol Analysis, Firewall Management, Incident Response, Data Loss Prevention (DLP), Encryption, Two-Factor Authentication, Web filtering, and Advanced Threat Protection.
Responsibilities will include, but are not limited to:
- Analyze management and technical controls to ensure that specific security and compliance requirements are met through the verification of documented processes, procedures, and standards in order to validate the maintenance of secure configurations.
- Map requirements and regulatory requirements across the Risk Management Framework (RMF) information security framework to identify overlapping requirements and compliance efficiencies.
- Track enterprise compliance across multiple security frameworks including Service Organization Control Type 2 (SOC 2), National Institute of Standards and Technology (NIST), and Federal Information Security Management Act (FISMA) and maintain up-to-date records of requirements and corresponding mitigating controls.
- Monitor third-party risk assessments and assist in performing internal risk assessments.
- Collaborate on critical IT projects to ensure that security policy/risk issues are addressed throughout the project life cycle.
- Monitor change management process to ensure compliance.
- Develop key performance metrics to track and ensure compliance with established policies and standards.
- Support the development of security processes and procedures and support service-level agreements to ensure that security controls are managed and maintained.
- Participate in the development of security and privacy awareness training in conjunction with other members of the Security Compliance group.
Requirements
Requirements:
- 7+ years of experience with A&A support.
- Proficient in all steps in the NIST RMF framework
- Knowledgeable in NIST special publications such as 800-53 & 800-53A
- Bachelor's degree or equivalent experience.
- Must have at least one of the following certifications: CAP, GIAC, GSLC, CISM, CRISC, CISSP, or CASP
- Must be a US Citizen.
- Must be able to obtain and maintain a Public Trust Clearance (the investigation will involve a credit, fingerprint, and law enforcement agency check).
Benefits
Benefits
The position includes competitive compensation and a full suite of benefits:
- Medical, Dental, and Vision insurance
- Retirement savings 401K plan provided by an industry-leading provider with 3% employer contributions.
- Paid Time Off
- Life Insurance, Short- and Long-Term Disability benefits
- Training Benefits
Salary: $110,000-$130,000 to commensurate with experience, education, etc.
About OCT Consulting
OCT Consulting LLC is a Small Business (SB) providing professional services and information technology solutions to the Federal government and commercial clients. Founded in 2013, we bring the agility of operations and a management team with a track record of leading successful engagements at major Federal government agencies.
At OCT we believe in creating a work environment where employees can thrive based on their abilities, skills, and achievements. We are dedicated to providing career growth and professional development based on individual merit and fostering a workplace where everyone’s contributions are valued and recognized.