Human Resources Research Organization (HumRRO)
Senior Cybersecurity Engineer - Compliance & Risk Management
Alexandria, VA, US, 22350
Overview
Senior Cybersecurity Engineer - Compliance & Risk Management is a role at Human Resources Research Organization (HumRRO). The organization is a non-profit leader in developing high-impact services and products in employment, military, student testing, and professional credentialing and licensure.
As a non-profit, HumRRO focuses on science and society, with a collaborative and supportive environment. The organization supports diversity, equity, and inclusion for all staff.
About The Job
We are seeking a Senior Cybersecurity Engineer to lead enterprise compliance and security programs across federal, state, and private sector engagements. This role manages multiple compliance frameworks including CMMC, FedRAMP, SCRM, NIST 800-171/800-53, and ISO 27001:2022. You will work on compliance standards across hybrid cloud environments, lead a team of junior engineers conducting vulnerability assessments and security scanning operations, create security documentation, develop compliance policies, respond to time-critical security requirements from clients, and manage third-party compliance audits.
Responsibilities
Lead enterprise cybersecurity compliance programs (CMMC, FedRAMP, SCRM, NIST frameworks, ISO 27001:2022)
Manage monthly compliance reporting and KPI dashboards for executive leadership
Coordinate third-party compliance audits (NIST 800-171, CMMC, ISO 27001, FedRAMP) and remediation activities
Maintain compliance evidence catalogs and SaaS compliance implementation controls
Evaluate and implement security controls across software applications and cloud platforms (AWS, Azure, and Office 365)
Oversee RMF processes for government contract organizations and DoD applications (ATO/IATT/IATO documentation)
Conduct weekly POA&M reviews and monthly security assessments
Develop and maintain security policies, procedures, and technical standards
Lead vulnerability management programs and conduct security assessments and penetration testing coordination
Manage business continuity of operations (COOP) including disaster recovery and crisis management
Lead incident response and security event investigation
Mentor and manage junior cybersecurity engineers and analysts
Interface with federal agencies, auditors, and compliance assessors
Collaborate with system architects for security requirements on cloud workloads, migrations, and hybrid environments
Oversee customer cybersecurity questionnaires and qualifications with time-critical deadlines
Coordinate with HumRRO Contracts Division on written responses to RFPs regarding IT security, data privacy and regulatory compliance
Assist with C-SCRM program implementation and administration
Develop compliance documentation and security narratives for proposals
Support business development with technical security expertise
Act as subject matter expert on internal security controls and regulations
Minimum Requirements
US Citizen with ability to obtain/maintain security clearance
On-site in Alexandria, VA (up to 2 remote days after probation)
Bachelor's degree in Cybersecurity, Computer Science, or equivalent field (work experience may be considered in lieu of degree)
7+ years of cybersecurity engineering and compliance experience
5+ years of enterprise experience managing Risk and Compliance across multiple regulatory frameworks
Existing Security+ certification or ability to obtain within 6 months (CISSP, CCSP, or CISM preferred)
Deep expertise in NIST 800-171/800-53, RMF, and DoD compliance frameworks
Hands-on experience with CMMC and FedRAMP authorization processes
Proficiency in Office 365 security configuration and management
Experience with vulnerability scanning tools (ACAS, Nessus, Rapid7, Qualys)
Strong analytical and information-gathering skills with ability to manage multiple tasks under deadlines
Excellent communication skills for stakeholder engagement
Preferred
Active DoD clearance
Experience in nonprofit sector IT management
CMMC CCP or CCA
Experience with FedRAMP 3PAO assessments
Knowledge of Supply Chain Risk Management (SCRM) frameworks
AWS certifications (Solutions Architect, Security Specialty)
DevSecOps pipeline integration and Infrastructure as Code (IaC) experience
CISSP, CCSP, CISM, or CISSP-ISSAP certifications
Knowledge of DoD STIGs and automated compliance tools
Federal contracting and audit experience
Experience with Atlassian tools (Jira, Confluence)
Experience with eMASS package development and continuous monitoring
STIG implementation and SCAP compliance validation
Bi-annual COOP testing and crisis management plan development
Leadership experience managing technical teams
People management experience is a plus
Compensation & Benefits
The anticipated salary for this role is $100,000 to $155,000. Specific salary offers are based on candidate qualifications and experience.
Health, dental and vision insurance
Life insurance equal to 2x annual salary
Retirement plan with company matching
Paid professional development and certification maintenance
Tuition reimbursement
12 weeks of paid parental leave
Generous paid time off and 10 paid holidays
EEO Statement
All qualified applications will receive consideration without regard to race, color, religion, sex, national origin, age, marital status, sexual orientation, veteran status, medical condition, or disability. EEO/Vet/Disabled.