Compliance Officer - Senior

COMPLIANCE OFFICER - SR

Position Overview

The Compliance Specialist Sr. provides direct cybersecurity compliance support to federal information systems, ensuring adherence to NIST, FISMA, and DHS policy frameworks. The role involves reviewing, analyzing, and maintaining security authorization documentation, tracking compliance metrics, and supporting Assessment & Authorization (A&A) processes. The specialist serves as a subject matter expert on security controls, governance, and risk management, working closely with government and contractor stakeholders to ensure ongoing compliance with laws, regulations, and standards such as FedRAMP and the NIST Risk Management Framework (RMF).

Duties & Responsibilities

TSA Applications Support

• Support the review and analysis of security documentation for TSA systems, ensuring compliance with FISMA, DHS, and NIST 800-series standards.

• Review Authority to Operate (ATO) documentation for policy alignment and recommend approval or rejection based on findings.

• Track and manage POA&Ms, ATO documentation expirations, ISVM compliance, and performance metrics for TSA systems.

Training

• Provide guidance and knowledge transfer on the NIST RMF, A&A process, and compliance reporting to system owners and ISSOs.

• Support internal training related to FedRAMP, continuous diagnostics (CDM), and cybersecurity best practices.

Requirements Engineering & Management / Metrics

• Develop and maintain compliance dashboards and tracking tools to monitor ISVMs, system scores, CDM scores, and documentation status.

• Research emerging DHS and FISMA requirements and develop strategies for system owners to maintain compliance.

• Support metrics reporting for security posture and compliance trends within the TSA enterprise environment.

Performance Summary Report

• Develop and deliver weekly and monthly compliance status reports, highlighting completed work, ongoing tasks, risks, and mitigation recommendations.

• Ensure all reports are accurate, well-structured, and conform to management templates using MS PowerPoint, MS Project, and other MS tools.

Build Script Repository

• Maintain version-controlled repositories for compliance templates, security documentation, and reporting scripts.

• Standardize documentation practices and ensure repository items are current with DHS policy changes.

Requirements Integrate Capacity Management into PPM Environment

• Integrate compliance tracking and ATO management data into the TSA Project Portfolio Management (PPM) environment to enhance oversight and forecasting.

• Collaborate with project management teams to align cybersecurity compliance metrics with organizational capacity planning.

Expert-Level Abilities in [Role-Specific SME Area]

• Deep understanding of NIST 800-series publications, FISMA requirements, and the RMF process.

• Expertise in developing and managing ATO packages and supporting FedRAMP authorizations.

• Skilled in use of cybersecurity tools such as Archer, Splunk, Nessus Security Center, CSAM, EMASS, and IACTS.

• Strong analytical and problem-solving capabilities, with the ability to synthesize complex policy requirements into actionable technical tasks.

• Proficiency in drafting, reviewing, and updating security documentation (SSPs, Contingency Plans, Privacy Docs, FIPS 199, Incident Response Plans).

Qualifications

Minimum Requirements

• At least 7 years of IT cybersecurity experience, including direct support to the U.S. Government.

• 4 years in a compliance-focused role (ISSO, assessor, or compliance analyst).

• Proven experience in information assurance, A&A, and RMF implementation.

• Familiarity with cloud systems, architecture, and FedRAMP authorization processes.

• Demonstrated ability to manage multiple tasks and communicate effectively with both technical and executive audiences.

Preferred Qualifications

• Experience supporting DHS or TSA cybersecurity compliance programs.

• Knowledge of patch management, firewalls, intrusion detection/prevention systems, and PKI/SSL/TLS protocols.

• Strong project management, organization, and written communication skills.

Education and Certifications

• Bachelor's degree in information technology, Computer Science, Engineering, or a related field; equivalent experience may be substituted.

• Required Certifications (at least one):

• Certified Authorization Professional (CAP)

• Certified Information Systems Security Officer (CISSO)

• Certified Information Security Manager (CISM)

• Certified Information Systems Security Professional (CISSP)

• Certified Information Systems Auditor (CISA)

• Certified in Risk and Information Systems Control (CRISC)

Clearance Level

• Active Secret Level Security Clearance required.

Work Location

• Remote Authorized.

• Primary performance locations include Springfield, VA; Annapolis Junction, MD; and Freedom Center in Herndon, VA.

• Travel between locations and remote sites is not reimbursed.

Hours of Operations

• Standard business hours (Monday-Friday, 8:00 AM-5:00 PM EST).

• Occasional off-hour support may be required to meet reporting or compliance deadlines.

Reporting Structure (Optional but Recommended)

• Reports to the Compliance Program Manager or Cybersecurity Policy Lead within the TSA Information Assurance Division.

• Collaborates closely with ISSOs, Security Control Assessors, and System Owners across TSA systems.