ASRC Federal Holding Company
Cybersecurity Governance & Compliance Lead (PL)
ASRC Federal Holding Company, Alexandria, Virginia, US, 22350
Overview
ASRC Federal is seeking a Cybersecurity Governance & Compliance Lead to support one of our federal government contracts based out of Seaside, California and Alexandria, Virginia. The successful candidate MUST possess an active Secret Security Clearance and will lead and mentor a team of Governance and Compliance professionals to ensure proper maintenance of the Assured Compliance Assessment Solution (ACAS) suite of applications and vulnerability management in support of RMF activities. The position is hybrid but primarily remote, with some onsite presence required, a minimum of 3 days per week, in support of customer requirements at our main customer location in Alexandria, Virginia, and may require approximately 10% travel to Seaside, California.
Responsibilities:
ACAS Management: Act as the primary point of contact for the design, development, and implementation strategy for the Assured Compliance Assessment Solution (ACAS) in support of meeting security objectives for cloud infrastructure and enterprise network environments.
Team Leadership: Provide cross-functional collaboration amongst cybersecurity service support teams for routine and event-oriented activities in the following areas.
Vulnerability Management: Lead configuration and optimization of ACAS policies, write scripts (Bash, Python), and perform root cause analysis to resolve issues.
Manage vulnerability policies, custom alerts, scan policies, and ticketing workflows.
Cross-reference weekly IAVM (Information Assurance Vulnerability Management) compliance reports with ACAS scan results to identify and remediate vulnerabilities.
Support cybersecurity reviews and audits to ensure systems meet DoD 8140 and 8570 compliance standards.
Governance and Compliance: Lead and support ISSO activity tasks to ensure proper documentation for Authority to Operate (ATO) and Continuous Monitoring is maintained and updated.
Detection and Response: Lead cross-functional activities to assess operational impact of enterprise systems as identified in U.S. Cyber Command (USCC) and Joint Force Headquarters (JFHQ) directives.
Reporting and Documentation: Lead and manage teams in the generation and maintenance of cybersecurity RMF artifacts such as System Security Plans, POA&M (Plans of Action & Milestones), and security CONOPS (Concept of Operations).
Continuous Process Improvement: Regularly review and update vulnerability management processes and procedures (SOP) based on lessons learned from routine and event-oriented incidents in accordance with DoD regulations, directives, and industry best practices.
Preferred Skills
Deep understanding of Information Technology (IT) systems configuration within the Department of Defense (DoD) and extensive hands-on experience with ACAS tools to ensure the security and compliance of cloud infrastructure and enterprise environments.
Familiarity with the capabilities of tools such as ESS, Microsoft Defender, Splunk, Tanium and Burp Suite, and with how these tools complement one another in support of cybersecurity support services.
Required Qualifications
Active Secret Clearance and Bachelor’s degree in Information Technology, Cybersecurity, or a related field.
Active DoD 8570 IAT Level II certification or greater, including at least one of the following certifications in good standing: CCNA Security, CySA+, GICSP, GSEC, Security+ CE, CND, SSCP, CASP+CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH, or CCSP.
8+ years of relevant IT or Cybersecurity experience, including 4+ years of hands-on expertise managing the ACAS suite throughout its lifecycle, from initial deployment, configuration, and integration into enterprise networks to continuous monitoring, maintenance, and optimization. This includes proficiency in configuring scan policies, customizing dashboards, managing Tenable Nessus scans, Security Center reporting, and ensuring seamless updates to maintain compliance and efficiency.
DISA ACAS certified.
Strong knowledge of Linux and Windows operating systems, with proficiency in scripting languages like Bash and Python for automation, troubleshooting, and ACAS tool customization to meet organizational needs.
Experience in vulnerability management, including interpreting and remediating ACAS scan results, managing IAVM compliance reporting, analyzing system vulnerabilities, and ensuring full lifecycle security solutions using ACAS to maintain enterprise network integrity.
Proven ability to generate security artifacts (e.g., POA&M, CONOPS, security plans), implement end-to-end ACAS solutions, and collaborate effectively in team environments to address evolving cybersecurity threats and challenges.
The position is hybrid but primarily remote, with some onsite presence required, a minimum of 3 days per week, in support of customer requirements at our main customer location in Alexandria, Virginia, and may require approximately 10% travel to Seaside, California.
Why ASRC? ASRC Federal is a wholly owned subsidiary of Arctic Slope Regional Corporation, an Alaska Native Corporation, and we are guided by values such as stewardship, teamwork, integrity, respect, accountability, and continuous improvement.
Job Details
Job Family: Information Technology
Job Function: Information Security
Pay Type: Salary
Education Level: Bachelor’s Degree