Cyber Security & Compliance Specialist

Melwood Horticultural Training Center Inc.
Upper Marlboro, MD Full Time
POSTED ON 5/2/2026
AVAILABLE BEFORE 7/1/2026

The Cybersecurity and Compliance Specialist is responsible for protecting Melwood's information systems, data, and technology infrastructure through the ongoing implementation, monitoring, and management of enterprise cybersecurity controls and regulatory compliance programs. This role serves as the organization's primary internal subject matter expert on cybersecurity frameworks applicable to federal contractors and regulated nonprofit environments, working in close coordination with IT leadership and external compliance advisors to build and sustain a compliant, resilient, and continuously improving security posture. The Cybersecurity and Compliance Specialist supports the preparation and maintenance of required compliance documentation, manages the organization's security operations practices, and ensures that Melwood's technology environment meets its obligations to employees, program participants, funders, and government partners. This position requires an individual with both the technical hands-on capability to implement and monitor security controls and the analytical discipline to manage compliance programs, track remediation commitments, and communicate risk clearly and accurately to leadership.

 

Responsibilities:

  • Manage the Cybersecurity Compliance Program: Develop, implement, and maintain the organization's cybersecurity compliance program across all applicable regulatory, contractual, and industry standards frameworks. Current primary obligations include federal contractor cybersecurity requirements, healthcare privacy and security standards, federal grants management requirements, and commercial assurance standards. Maintain required compliance documentation including the System Security Plan (SSP) and Plan of Action and Milestones (POA&M). Track remediation commitments, coordinate with IT staff and technology partners on control implementation, and prepare the organization for third-party assessments and audits across all applicable compliance domains.
  • Conduct Security Assessments and Gap Analysis: Perform ongoing assessments of the organization's security posture against all applicable regulatory, contractual, and standards frameworks. Identify control gaps, document findings, assign remediation ownership, and track closure through to completion. Support external assessors, auditors, and certification bodies with documentation, evidence, and technical response regardless of which framework or standard is driving the review.
  • Manage Vulnerability and Patch Programs: Administer the organization's vulnerability management program including scheduled scanning, findings triage, remediation coordination, and reporting. Work with IT infrastructure and application teams to ensure security patches are applied within required timeframes consistent with applicable framework obligations and organizational risk tolerance. Ensure that exceptions are documented, justified, and approved by appropriate authority.
  • Support Continuous Security Monitoring and Incident Response: Support continuous security monitoring through the organization's security platforms and endpoint protection tools. Investigate alerts, analyze anomalies, and coordinate incident response activities. Maintain the organizational incident response plan and ensure it reflects current regulatory reporting obligations. Prepare and submit required incident reports in accordance with all applicable federal, state, contractual, and regulatory requirements, which may include healthcare privacy laws, federal contractor obligations, and grants management standards.
  • Manage Data Classification and Regulated Data Protection: Support the identification, classification, and protection of all regulated information categories across organizational systems. Current regulated categories include Controlled Unclassified Information, Protected Health Information, and Personally Identifiable Information subject to federal and state privacy requirements. Implement and maintain appropriate data classification controls, access restrictions, and monitoring in coordination with IT and business stakeholders. Monitor applicable state and federal privacy regulations for changes that affect organizational obligations and bring material changes to the attention of IT leadership.
  • Manage Third-Party and Vendor Risk: Evaluate technology vendors and third-party service providers for cybersecurity compliance and risk posture across all applicable frameworks. Review vendor agreements for appropriate security, data handling, and regulatory flow-down obligations including Business Associate Agreements for vendors handling Protected Health Information. Assess software configurations and embedded technology features for compliance with organizational data classification policies and all applicable regulatory requirements, not limited to federal contractor standards.
  • Deliver Security Training and Awareness: Develop and deliver cybersecurity awareness training for all staff covering responsible technology use, data protection obligations across all applicable regulatory categories, threat recognition, and incident reporting procedures. Ensure training content reflects the full scope of the organization's regulatory environment and is accessible to staff across all roles and technical literacy levels. Maintain documented training completion records and coordinate role-specific training for IT staff and employees with access to regulated data.
  • Maintain Security Documentation and Reporting: Produce accurate and timely security documentation and reporting for internal leadership and external reviewers across all applicable compliance domains. Documentation may include compliance status reports, risk registers, audit evidence packages, remediation tracking, and regulatory submissions. Communicate security, risk, and compliance status clearly and concisely to non-technical audiences including organizational leadership, legal counsel, and program leadership. Ensure that reporting reflects the full scope of the organization's compliance obligations and does not treat any single framework as the exclusive measure of the organization's security posture.

 

Qualifications:

  • Bachelor's degree in information technology, computer science, or a related field is required.
  • 5 years in a cybersecurity or related position is required.
  • Certified Information Systems Security Professional (CISSP) certification and 5 years of experience will be considered if the candidate does not have a degree.
  • Experience in a federal contracting environment is preferred.

Salary.com Estimation for Cyber Security & Compliance Specialist in Upper Marlboro, MD
$129,730 to $160,057