Senior Cyber Security Compliance Officer

About the position Who We Are: PEAKE is a thriving small business with a strong emphasis on integrity and a mission-focused approach. We value inspiration, innovation, and the power of fresh perspectives. We are seeking talented individuals who are dedicated to excellence and continuous growth. We foster an environment that encourages inspiration and innovation. Your ideas and creativity matter to us. We believe that the power of fresh perspectives drives our success and helps us stay ahead of the curve. Your contributions will have a meaningful impact on our company's growth and success. The Mission: Guard Enterprise Cyber Operations Support (GECOS) is an IT Service Management contract in support of the operation, modernization, expansion, and further evolution of the ARNG’s global Information Technology (IT) services including networking, compute, storage, infrastructure, applications, hosting, and program management services. The GECOS program supports the ARNG enterprise IT infrastructure, its Wide Area Network (WAN), authentication and directory services, cybersecurity, application hosting, and associated services. GECOS uses ITIL best practices framework as the basis for IT Service Management (ITSM) model. Who We're Looking For: We are seeking a self-motivated Senior Cyber Security Compliance Officer to join our team immediately. The ideal candidate will possess proven expertise in cybersecurity compliance, with a strong focus on the operational execution of cybersecurity programs, processes, and practices. This role may function as either an Information Systems Security Officer (ISSO) or an Information Systems Security Manager (ISSM), emphasizing both technical proficiency and leadership capabilities. An active DoD security clearance (Secret or higher) is required.

Responsibilities

• Compliance Assessment: Evaluate ARNG’s adherence to cybersecurity requirements and recommend operational activities, processes, and practices to enhance the cybersecurity program.
• Threat Management: In collaboration with the RCC-NG, identify, protect against, detect, respond to, recover from, and analyze threats to the ARNG enterprise network and its enabling technologies, addressing compliance-related gaps and risks.
• Vulnerability Identification: Support ARNG in identifying vulnerabilities within the enterprise network and its enabling technologies while assessing compliance with cybersecurity requirements and established operational practices.
• Secure IT Configuration: Assist the Government in ensuring secure configuration and obtaining approval for IT components below the system level, coordinating with the RCC-NG and adhering to applicable guidelines before integration into an Army Information System.
• eMASS Administration: Contribute to the implementation, management, and administration of organizational structures and workflows within the eMASS platform.
• Certification Enforcement: Aid in enforcing the DCWF and cybersecurity certification program to ensure training and certification requirements are managed, enforced, and properly reported.
• Access Request Management: Help ARNG implement a documented, streamlined process for reviewing, processing, and approving system access requests.
• Compliance Scanning: Utilize ACAS and other compliance-related tools to scan network devices, ensuring they meet current best practices and CCRI requirements, and verify system configurations and statuses.
• Reporting: Prepare and submit comprehensive security reports (e.g., IAVA, intrusion, virus incidents, FISMA) as required by the Government.
• IAVA Compliance Tracking: Monitor enterprise-level IAVA compliance and report on state efforts toward achieving compliance.
• Technical Support for States/Territories: Assist states and territories with scan policy implementation, asset identification, resolution of plug-in issues, and general troubleshooting related to compliance scans.
• Remediation Coordination: Coordinate with the SOC and RCC-NG to leverage the AESS tools suite, working with states on compliance findings and remediation efforts.
• Request Processing: Process FPA and WCF requests to validate requirements and identify associated risks.
• Security Architecture Evaluation: Collaborate with system owners and administrators to assess security architecture and vulnerabilities through security scans, configuration reviews, analysis of system design documentation, and interviews.
• Certification Maintenance: Maintain relevant baseline certification(s) required for DoD 8570.01-M Information Assurance System Architect and Engineer (IASAE) Level III, such as CompTIA Advanced Security Practitioner (CASP), Certified Information Security Manager (CISM), CompTIA Cybersecurity Analyst (CySA+), or Certified Information Systems Security Professional (CISSP).

Requirements

• Bachelor's Degree in a technical concentration from an accredited university preferred
• Demonstrated expertise in cybersecurity compliance, with experience in

Apply tot his job Apply To this Job