IT Security Specialist III - Compliance

RCG is a growing federal contracting company and Certified as a Great Place to Work. We are looking for strongly qualified people to help support our clients. We are currently seeking an IT Security Specialist III to support a current proposal effort with our customer located in Washington, DC (with an additional location in Hillcrest Heights, MD).

The IT Security Specialist III analyzes information security systems and applications and recommends and develops security measures to protect information against unauthorized modification or loss. Familiar with a variety of the field's concepts, practices, and procedures. Relies on experience and judgment to plan and accomplish goals. Performs a variety of complicated tasks. May lead and direct the work of others. Typically reports to a project leader or manager. A wide degree of creativity and latitude is expected.

RESPONSIBILITIES INCLUDE, BUT ARE NOT LIMITED TO:

• Analyze management and technical controls to ensure that specific security and compliance requirements are met through the verification of documented processes, procedures, and standards to validate the maintenance of secure configurations.
• Map requirements and regulatory requirements across the Risk Management Framework (RMF) information security framework to identify overlapping requirements and compliance efficiencies.
• Track enterprise compliance across multiple security frameworks including Service Organization Control Type 2 (SOC 2), National Institute of Standards and Technology (NIST), and Federal Information Security Management Act (FISMA) and maintain up-to-date records of requirements and corresponding mitigating controls.
• Monitor third-party risk assessments and assist in performing internal risk assessments.
• Collaborate on critical IT projects to ensure that security policy/risk issues are addressed throughout the project life cycle.
• Monitor change management process to ensure compliance.
• Develop key performance metrics to track and ensure compliance with established policies and standards.
• Support the development of security processes and procedures and support service-level agreements to ensure that security controls are managed and maintained.
• Participate in the development of security and privacy awareness training in conjunction with other members of the Security Compliance group.

CLEARANCE:

• Existing Public Trust, or the ability to obtain one.

BASIC QUALIFICATIONS - REQUIRED EXPERIENCE, SKILLS:

• BS/BA degree in a related area (or equivalent), and 4 to 6 years of experience in the field or in a related area.
• Excellent communication skills in the English language - both verbal and written.

DESIRED EXPERIENCE, SKILLS, KNOWLEDGE:

• Proficient in key areas of security such as: Vulnerability Management, Intrusion Prevention and Detection, Access Control and Authorization, Policy Enforcement, Application Security, Protocol Analysis, Firewall Management, Incident Response, Data Loss Prevention (DLP), Encryption, Two-Factor Authentication, Web filtering, and Advanced Threat Protection.
• Experience with NIST standards, such as SP 800-53, RMF, CSF, and 800-17.
• Ability to maintain confidentiality and safeguarding of proprietary, sensitive information.
• CISSP, CAP, CRISC, CISA, CISM, CCNA, CCNA Security, Security+, or CySA+

Physical Demands: Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

RCG, Inc. does not discriminate against qualified individuals based on their status as protected veterans or individuals with disabilities and prohibits discrimination against all individuals based on their race, color, religion, sex, sexual orientation/gender identity, or national origin.