Cybersecurity Compliance Lead

SOSi seeks a Cybersecurity Compliance Lead to join our team at Joint Base Pearl Harbor Hickam, Honolulu, HI. As a Cybersecurity Compliance Lead, you'll play a vital role in ensuring the integrity and security of our cybersecurity operations, maintaining compliance with DoD regulations. Our SOSi team, based in Honolulu, Hawaii, develops, manages, and supports IT and cybersecurity solutions for USINDOPACOM, its mission, and its 5,000 customers throughout the Indo-Pacific theater. We address complex cybersecurity challenges critical to enabling USINDOPACOM's realization of time-sensitive C2 strategies.

As the Cybersecurity Compliance Lead and designated Information System Security Manager (ISSM) at SOSi, you will be a key member of the Cybersecurity Operations Team, ensuring all systems under your purview within the USINDOPACOM Area of Responsibility (AOR) comply with Department of Defense (DoD) cybersecurity regulations. You will lead and manage compliance programs, Risk Management Framework (RMF) activities, and continuous monitoring in accordance with DoDI 8510.01 and NIST SP 800-53.  This position is integral to ensuring mission readiness and system resilience in support of USINDOPACOM's cyber objectives. As the ISSM, you will champion compliance, risk mitigation, and secure system operations across the AOR.

• Serve as the ISSM: Oversee the cybersecurity posture of assigned systems in accordance with DoDI 8510.01, including maintaining the system security plan (SSP), ensuring continuous monitoring, and ensuring proper categorization and authorization of information systems.
• Lead RMF Lifecycle Activities: Support system categorization, control selection, implementation, assessment, authorization, and monitoring activities. Coordinate with ISSOs, AOs, and system owners throughout the RMF process.
• Develop and Implement Compliance Programs: Ensure cybersecurity policies, procedures, and controls align with applicable laws, regulations, and standards including NIST SP 800-53, CNSSI 1253, and DISA STIGs.
• Conduct Audits and Assessments: Identify compliance gaps and risk areas through regular reviews and technical evaluations. Coordinate with internal and external auditors.
• Oversee Compliance Operations: Ensure adherence to approved SOPs and Tactics, Techniques, and Procedures (TTPs). Maintain audit readiness across assigned environments.
• Support Incident Response: Investigate security incidents, conduct forensic analysis, determine root cause(s), and ensure corrective actions are documented in POA&Ms.
• Maintain Security Baselines: Manage system configuration, patch levels, and compliance of hardware, software, and firmware baselines in accordance with applicable STIGs.
• Utilize Compliance Tools: Track compliance and POA&M items using platforms such as eMASS, Xacta, Jira, ServiceNow, and/or Remedy.
• Advise on Cybersecurity Architecture: Provide compliance input for network design, cross-domain solutions, cloud migrations, and secure enclaves.
• Liaise with Stakeholders: Serve as the primary cybersecurity compliance point of contact for customers, POCs, and mission partners. Communicate operational impacts, timelines, and compliance risks effectively.
• Promote Continuous Improvement: Identify opportunities to automate control assessments, streamline reporting, and enhance compliance workflows.
• Support Mission Exercises and 24/7 Operations: Provide cybersecurity compliance support during operational surges, readiness exercises, or real-world events.
• Participate in Special Projects: Support emerging technologies, pilot programs, or command-level initiatives requiring compliance oversight.

• Active in-scope TOP SECRET clearance with SCI eligibility.
• Bachelor’s Degree in Cybersecurity, Information Assurance, or similar, and 5 years of related experience or 9 years of experience in cybersecurity compliance and risk management.
• DoD 8570 IAM-III compliant (CISSP, CISM, GSLC, CCISO).
• Experience supporting RMF, A&A, and continuous monitoring activities in a DoD environment.
• In-depth understanding of NIST, FISMA, CNSSI, and DISA STIG requirements.
• Hands-on experience developing and maintaining security documentation, including SSPs, POA&Ms, and control matrices.
• Proficient in compliance toolsets such as eMASS, Jira, ServiceNow, or Xacta.
• Strong problem-solving skill, the ability to conduct thorough audits or assessments and adapt to changing compliance requirements.
• Excellent communication skills, with the ability to convey complex security concepts to technical and nontechnical stakeholders, including senior leaders.
• Able to support 24/7 operations (including support to exercises), when necessary.
• Customer-service oriented with a willingness to participate and assist.

• Certified Information Systems Security Professional (CISSP) certification.
• Relevant IT certifications, particularly related to cybersecurity and compliance (e.g., CISM, CRISC, CISA).
• Familiarity with cloud security SRGs, zero trust architecture, and classified systems compliance.
• Experience with cybersecurity technologies and tools (e.g., Forcepoint, Juniper, Palo Alto).
• Knowledge of Command and Control (C2) systems and mission assurance requirements.
• Experience in ITIL framework and best practices (e.g., Change Management, Configuration Management, Incident Management, Capacity Planning).

• Fast-paced and deadline-oriented work environment
• Potential for non-traditional working hours, including consecutive nights and weekends
• Occasional travel to locations within the supported Area-of-Responsibility (AOR)

All interested individuals will receive consideration and will not be discriminated against for any reason.