Urban Institute is hiring: Lead Cybersecurity Compliance Engineer in Washington
Urban Institute, Washington, DC, United States, 20022
Lead Cybersecurity Compliance Engineer
About Urban Institute
The Urban Institute is a research‑to‑impact institution founded on one simple idea: To improve lives and strengthen communities, we need practices and policies that work. For more than 50 years, Urban has delivered evidence and solutions that drive meaningful change, and this remains our charge today.
Our Mission: To drive impact by equipping changemakers with evidence and solutions.
Our Values: Collaboration, Fairness, Inclusivity, Independence, and Integrity.
Opportunity
The Lead Cybersecurity Compliance Engineer is a senior role within Urban Institute’s Technology & Data Science (TECH) department. This position is responsible for ensuring that key Urban IT systems and cloud services meet federal cybersecurity compliance requirements. In practice, the engineer will manage the FedRAMP Moderate Authority to Operate (ATO) compliance process for designated cloud systems, coordinate security requirements into contracts and procurements, and oversee vendor management, security assessments and audits.
The role also involves performing regular compliance activities such as risk assessments, vulnerability scans, and third‑party audits, updating and maintaining security policies and procedures, and monitoring evolving regulatory standards. This role reports directly to the Senior Director, Infrastructure and Security.
Responsibilities
- Manage the FedRAMP Moderate ATO process for designated Urban cloud systems, including coordinating security documentation (SSPs, gap analysis, PIAs), security assessment reports (SARs), continuous monitoring, and required audit activities to meet the NIST‑based FedRAMP baseline.
- Ensure that system architectures and configurations are designed to align with the required security controls for moderate‑impact information.
- Lead cybersecurity contract reviews for all relevant IT procurements; analyze and update agreements to include necessary security clauses, controls, and compliance requirements.
- Procure and oversee third‑party vendor activities, conduct vendor risk assessments and audits, coordinate cross‑functional vendor review meetings, and verify third‑party adherence to Urban’s security policies.
- Schedule and manage regular security testing and auditing activities for Urban’s FedRAMP environment, including arranging annual 3PAO audits, external penetration tests and vulnerability assessments, tracking remediation efforts, and reviewing internal audit findings.
- Develop, update, and maintain cybersecurity policies, standards, procedures, and playbooks with support from the Infrastructure and Security team and other Technology & Data Science team members, as necessary.
- Support incident response activities, root cause analysis, and reporting requirements.
- Ensure that all compliance documentation (plans of action and milestones, security checklists) is up‑to‑date and accessible.
- Stay current with federal and industry cybersecurity regulations and frameworks, and translate new requirements into actionable guidance for Urban.
- Coordinate briefings so that Urban teams understand their compliance obligations.
- Work closely with Technology & Data Science leadership, project managers, and stakeholders to integrate compliance requirements into projects and update or modify compliant systems as needed.
- Provide regular status updates on compliance efforts and report any security or compliance gaps to senior management.
- Support the Infrastructure and Security team as needed for general cybersecurity needs and initiatives.
Requirements
- At least 5 years of experience in cybersecurity or IT compliance, with a strong focus on federal security frameworks and proven experience preparing for and/or maintaining FedRAMP authorizations (especially Moderate or higher).
- Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent experience.
- Experience creating and/or managing system security documentation (SSPs, SARs, POA&Ms) and implementing continuous monitoring programs.
- In‑depth understanding of the NIST SP 800‑53 Rev 5 security control framework, as well as familiarity with FISMA, OMB policies, and other relevant federal cybersecurity standards.
- Proven ability to conduct security reviews of contracts, identify required cybersecurity clauses, and manage vendor risk assessments.
- Strong written and verbal communication skills, able to articulate complex security and compliance concepts clearly to technical and non‑technical audiences; experience writing policies, procedures, and/or playbooks.
What You’ll Experience
No matter your role with Urban, you will contribute to meaningful work that makes a difference for people and communities across the country. Urban’s greatest asset is our people. The target salary range for this position is $130,000‑$160,000. Salary offered is commensurate with experience and considers internal comparisons.
Urban is committed to supporting staff’s physical, emotional, and financial well‑being through a robust benefits package for you, eligible dependents, and domestic partners. Benefits include generous paid time off, nine federal holidays, medical (including prescription), dental and vision insurance, transit benefits, a 403(b) retirement plan with immediate participation, immediate employer contribution after six months of service, health advocate, personal finance coaching, and educational assistance for undergraduate and graduate degree programs.
The Urban Institute has formally recognized the Urban Institute Employees’ Union, a member of the NPEU. This position is included in the Union‑represented collective bargaining unit and is subject to collective bargaining negotiations.
Economic and legal statements about duties are subject to change. Urban management reserves the right to amend duties, responsibilities, and requirements as necessary.
Equal Opportunity Statement
The Urban Institute is an equal opportunity employer. All qualified candidates will receive consideration without regard to race, color, religion, national origin, gender or gender identity, age, marital status, personal appearance, sexual orientation, veteran status, pregnancy or family responsibilities, disability, or any other protected status under applicable law. We are committed to equal employment opportunity and providing reasonable accommodations to applicants with physical and/or mental disabilities. If you have a disability and need special accommodations to use our website to apply, please contact Human Resources at humanresources@urban.org.
Seniority Level
Mid‑Senior level
Employment Type
Full‑time
Job Function
Information Technology / Research Services