FISMA Compliance Support Lead
Location: Bethesda MD (Onsite with some Hybrid flexibility)
Job Overview: LCG is seeking a highly skilled FISMA Compliance Support Lead to manage and implement FISMA compliance across a Client's IT systems. The FISMA Compliance Support Lead will serve as the senior subject matter expert for Federal Information Security Modernization Act (FISMA) compliance, providing expertise in security assessments, documentation review, risk analysis, and reporting. The role requires hands-on knowledge of federal compliance frameworks and cybersecurity tools, and the ability to collaborate with technical and business stakeholders.
The role partners closely with the Client Information System Security Officer (ISSO) to provide program, project, task, risk, and issue management; participates in recurring status meetings; and aligns all activities to the Client's Information Security & Privacy program goals.
Key Responsibilities
Compliance Oversight
- Ensure the effective implementation of annual FISMA reporting and review requirements.
- Review and validate security documentation for the Client's systems, ensuring FISMA compliance is implemented, tracked, and monitored.
- Provide subject matter expertise for Security Assessment and Authorization (A&A) processes in a federal IT environment.
- Independently perform Security Authorization of information systems using NIST SP 800-53 Rev. 5 controls; determine control effectiveness and document findings to support credible, risk-based ATO decisions.
- Lead the three Security Authorization phases and produce the associated artifacts.
- Maintain all ATO documentation in CSAM and submit/track POA&Ms weekly and monthly with System Owners, the CIO, and the ISSO.
Cybersecurity & Risk Management
- Research, analyze, and report on trends using publicly available and internal cybersecurity data.
- Monitor emerging cybersecurity tools (BigFix, Splunk, Tripwire, Cylance, Tenable, etc.) to support compliance and risk reduction.
- Track vulnerability advisories, errata, alerts, and bulletins to ensure risks are identified, disseminated, and mitigated.
- Collaborate with IT Security teams to ensure technical controls meet FISMA, NIST, and NIH standards.
- Implement and mature Continuous Diagnostics & Mitigation (CDM) capabilities: monitor scans for all systems, alert technical POCs to risks, and provide mitigation guidance.
- Support enterprise vulnerability management with credentialed scans, risk analysis, remediation guidance, and integration with NIH capabilities; monitor external vulnerability sources and advise on mitigation priorities.
- Execute Risk Management Framework (RMF) activities and contribute to the Client's risk management program.
Documentation and Reporting
- Prepare, review, and update System Security Plans (SSPs), security control documentation, and risk assessments.
- Develop compliance reports and metrics to measure the Client's security posture.
- Support audits, inspections, and annual security reviews by federal oversight bodies.
- Maintain the technical controls and organizational processes that ensure continuous compliance.
- Lead weekly, monthly, and quarterly customer meetings; produce agendas, minutes, and dashboards; and track action items and deliverables.
- Translate security concepts into actionable recommendations; perform detail-oriented system documentation and updates in support of ATO duties.
Leadership and Stakeholder Engagement
- Work with program management, IT operations staff, and system owners to align compliance activities with the Client's objectives.
- Provide training, guidance, and subject matter expertise on FISMA requirements to stakeholders.
- Communicate compliance findings and recommendations effectively to both technical and non-technical audiences.
- Coordinate with NIH/CIT, Client OIT, and cross-contractor teams to ensure consistent policy interpretation, inheritance planning (NIH Inheritability Matrix/InfoSec Control Catalog), and alignment with enterprise changes affecting compliance.
Incident & Data Protection Collaboration
- Support incident response coordination with the NIH Incident Response and Privacy teams; assist with forensic analysis, threat intelligence, and related reporting when compliance issues intersect with incidents.
- Support Data Loss Prevention and sensitive-data discovery/reporting activities to safeguard data at rest, in use, and in transit.
Service Levels & Coverage
- Support compliance activities within a 24x7 operating context for network/cybersecurity functions, including participation in defined escalation/communication protocols during Non-Core Business Hours and maintenance weekends (first Saturday of each month).
- Work with OIT to uphold SLA expectations and root-cause analysis requirements for major incidents (S1/S2/S3), ensuring timely, audit-ready documentation.
Requirements
- 4-6 years of hands-on experience providing technology leadership in FISMA compliance.
- 3 years of experience with emerging cybersecurity tools (Splunk, Tripwire, BigFix, Tenable, Cylance, etc.).
- Experience with Security Assessment and Authorization (A&A) processes in a federal environment.
- Bachelor's degree in Computer Science, Engineering, or a related STEM field (an additional 4 years of relevant experience may substitute).
- 10 years of cybersecurity-related experience overall.
- Certifications: active CISSP, CISA, CISM, SSCP, or equivalent.
- Prior federal government IT security and FISMA compliance experience.
- Strong skills in strategic thinking, negotiation, multi-tasking, conflict management, and time management.
- Expert-level proficiency in Microsoft Word, Excel, PowerPoint, and Visio.
- Familiarity with ServiceNow or other IT ticketing systems.
- Ability to anticipate changes and recommend proactive compliance solutions.
- Strong written and oral communication skills, with the ability to clearly convey compliance requirements to stakeholders.
- Ability to work independently while also thriving in an integrated, cross-functional team environment.
- Hands-on use of CSAM for ATO lifecycle management, including POA&M submission and the status reporting cadence.
- Experience developing inheritance matrices and leveraging NIH tailored templates and control catalogs for on-prem and cloud systems.
- Experience leading CDM and enterprise vulnerability management activities and coordinating remediation with System Owners and Workstream Leads.
Compensation and Benefits
The projected compensation range for this position is $100,000 to $200,000 per year, benchmarked in the Washington, DC Metro area. The salary range provided is a good-faith estimate representative of all experience levels. Salary at LCG is determined by various factors, including but not limited to role, location, the combination of education/training, knowledge, skills, competencies, certifications, and work experience.
LCG offers a competitive, comprehensive benefits package, which includes health insurance options (medical, dental, vision), life and disability insurance, retirement plan contributions, paid leave, federal holidays, professional development, and lifestyle benefits.
Devoted to Fair and Inclusive Practices
All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law.
If you are interested in applying for employment with LCG and need special assistance or an accommodation to apply for a posted position contact our Human Resources department by email at.
Securing Your Data
Beware of fraudulent job offers using LCG's name. LCG will never request payment-related details or advancement of money during the application process. Legitimate communication will only come from or emails, not free commercial services like Gmail or WhatsApp. If you receive suspicious emails asking for payment or personal information, contact us immediately at.
If you believe you are the victim of a scam, contact your local law enforcement and report the incident to the U.S. Federal Trade Commission.