Business Information Security & Compliance Officer

Job Location

North Charleston - USA

Monthly Salary

Not Disclosed

Vacancy

1 Vacancy

Job Description

The Business Information Security and Compliance Officer will serve as the primary cybersecurity and compliance liaison for one of SRC's business divisions to embed security and compliance into daily operations and long-term planning, ensuring that programs, projects, systems, and operations align with cybersecurity best practices, DFARS clauses, and DoD regulatory frameworks. This role, a member of the Information Security and Compliance team, will support the implementation of NIST SP 800-171 controls and CMMC requirements across projects within the division, provide ongoing compliance oversight, and act as a trusted advisor for information security, risk, and compliance matters across the division. Primary duties, responsibilities, and essential job functions include:

  • Advising and supporting the business unit in the implementation and documentation of cybersecurity controls aligned with DFARS, NIST SP 800-171, and CMMC requirements
  • Conducting or supporting gap assessments, defining remediation actions, tracking progress through POAMs, and supporting the maintenance of accurate System Security Plans (SSPs)
  • Supporting the development, implementation, and maintenance of cybersecurity policies and procedures in compliance with FAR, DFARS, NIST SP 800-171, and CMMC
  • Serving as a trusted partner to business stakeholders, helping to interpret security requirements and balance risk and compliance with operational needs
  • Guiding the division on security best practices, emerging threats, and compliance obligations
  • Collaborating with cross-functional teams, including IT, Contracts, Procurement, Engineering, and Program Management, to support secure and compliant operations
  • Assisting in preparation for audits or assessments, including internal reviews and external CMMC evaluations
  • Staying informed on evolving industry trends, regulatory requirements, threat landscape changes, emerging cybersecurity risks, and technologies to ensure the organization remains at the forefront of federal cybersecurity practices
  • Contributing to the continuous improvement of the organization's cybersecurity and compliance posture by identifying inefficiencies and proposing enhancements

Requirements

  • Bachelor's degree in Information Security, Information Systems, Information Technology, Cybersecurity, or a related field
  • 10 years of work experience in Information Security, Cybersecurity, IT Security, or Governance, Risk, and Compliance functions
  • 3 years of hands-on experience implementing or supporting NIST SP 800-171/171A and/or 800-53 controls within a corporate or program environment
  • 2 years of experience in an organization with at least 1000 employees
  • Strong understanding of information security principles, practices, and technologies, including network security, application security, cloud security, and endpoint security
  • Experience reviewing and defining security policies, procedures, and solutions that support compliance and business objectives
  • Experience conducting risk assessments, compliance gap assessments, and control remediation
  • Prior experience as a liaison between business units and information security and compliance teams
  • Demonstrated ability to understand and interpret business and program security and compliance needs and translate security and compliance requirements into practical, business-aligned solutions
  • Excellent communication, presentation, and interpersonal skills to collaborate directly with business stakeholders, technical teams, and compliance staff
  • Effective time management and organizational skills, capable of managing multiple projects and priorities
  • Demonstrated professional growth and career progression with increasing levels of responsibility

Desired Skills

  • Working knowledge of DFARS 252.204-7012/7020/7021
  • Experience supporting or preparing for Cybersecurity Maturity Model Certification (CMMC) assessments
  • Previous experience creating, maintaining, or supporting System Security Plans (SSP) and Plans of Action and Milestones (POAM)
  • Experience supporting or preparing for third-party cybersecurity audits such as SOC 2, ISO/IEC 27001, FedRAMP, HIPAA, PCI-DSS
  • Experience working in a Microsoft O365 hybrid environment
  • Familiarity with AI and emerging security technologies
  • Previous experience as an information security consultant or auditor
  • Prior experience as a DoD contractor
  • Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), or Certified Information Security Manager (CISM)

Clearance Information

SRC IS A CONTRACTOR FOR THE U.S. GOVERNMENT. THIS POSITION WILL REQUIRE U.S. CITIZENSHIP AND ELIGIBILITY FOR A U.S. GOVERNMENT SECURITY CLEARANCE AT THE SECRET LEVEL.

Travel Requirements

  • Up to 10% of the time

About Us

Scientific Research Corporation is an advanced information technology and engineering company that provides innovative products and services to government and private industry as well as independent institutions. At the core of our capabilities is a seasoned team of highly skilled engineers and scientists with multidisciplinary backgrounds. This team is challenged daily to provide cutting-edge technology solutions to our clients.

SRC offers a generous benefit package including medical, dental, and vision plans, 401(k) with a company match, life insurance, vacation and sick paid time off accruals starting at 10 days of vacation and 5 days of sick leave annually, 11 paid holidays, tuition reimbursement, and a work environment that encourages excellence, and more. For positions requiring a security clearance, selected applicants will be subject to a government security investigation and must meet eligibility requirements for access to classified information.

EEO

Scientific Research Corporation is an equal opportunity employer that does not discriminate in employment.

All qualified applicants will receive consideration for employment without regard to their race, color, religion, sex, age, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other protected characteristic under federal, state, or local law.

Scientific Research Corporation endeavors to make accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process please contact for assistance. This contact information is for accommodation requests only and cannot be used to inquire about the status of applications.


Required Experience:

Unclear Seniority

Employment Type

Full-Time
