• Security Compliance Engineer

    Job Locations US-VA-Arlington
    Posted Date 2 weeks ago (7/6/2018 8:50 AM)
    Job ID
    # of Openings
    Information Technology
  • Overview

    SC3 is a leading provider of high-end mission support, consulting and technology solutions to the federal government in defense, intelligence, and civil markets, and to major corporations and nonprofit organizations. SC3's national security efforts reach across the intelligence community and Department of Defense, providing full life-cycle operational and cyber support and differentiated capabilities to meet our customer's challenging mission. In addition to our government services area, SC3 provides cutting-edge competitive intelligence and strategic management consulting to commercial clients. Private industry leaders from the financial, health care, manufacturing and other sectors turn to SC3 to ensure that they have access to the most relevant, current, and strategically important information, not only to grow their businesses, but also to protect them.


    The Information Security Compliance Engineer will play an integral part in the development, implementation, and compliance of security across the Office of Foreign Disaster Assistance (OFDA) General Support System (GSS). The position is responsible for managing risks related to information security, physical security, business continuity planning, crisis management, privacy, and compliance. In addition, this position will ensure all FISMA security controls for the Moderate GSS are properly documented and continually monitored for the OFDA network.


    Specific responsibilities include but are not limited to:

    • Raise risk concerns to OFDA management so they can be discussed and addressed.
    • Developing and implementing security standards, processes and procedures, and guidelines.
    • Coordinating with technology and business groups to assess, implement, and monitor IT-related security risks and mitigating controls/systems.
    • Ensuring and monitoring security compliance with industry and government rules and regulations and established USAID policy, OFDA procedure, and business practices.
    • Monitoring physical access controls, system security, data classification, security profiles and password requirements, business continuity plan, security related policies and procedures, incident response reporting, and service provider activities.
    • Support change management, configuration management, incident management, and disaster recovery tasks and events.
    • Maintain security documents, including the A&A package, plans, and procedures, so they can easily be found and are kept up to date.
    • Maintain SP800-53Rev4 FISMA security controls.
    • Work closely with engineering, business and technical operations, information security, and others to assure controls are implemented successfully and are monitored and tested regularly.
    • Perform Continuous Monitoring on the OFDAnet system.
    • Manage liaison relationships for compliance audits/certifications and eliminate compliance findings and gaps.
    • Learn and manage CSAM for compliance use in monitoring and reporting of status, metrics, KPIs, etc.
    • Support vulnerability analysis, security engineering and operations reviews, and security and privacy policy initiatives.
    • Execute remediation and response mechanisms to address audit recommendations and observations.
    • Experience with developing and managing Plans of Action & Milestones (POA&Ms).
    • Report on matters of compliance to outside entities such as the USAID CIO, DHS and IG.
    • Develop and implement Privacy Threshold Analysis and Privacy Impact Assessments.
    • Conduct research and approval process for requested new software.
    • Develop, conduct and monitor security and privacy training.
    • Track findings with Plan of Action and Milestones (POA&M) through mitigation and/or risk acceptance.
    • Conduct periodic and continuous reviews of the system to ensure compliance with the authorization package.


    A minimum of three years of Security Compliance experience is required.


    Our values are simple and straightforward. We know that competitive salaries and generous benefits are essential in our industry and SC3 strives to offer the best in both areas. We are proud to offer: Medical/Dental/Vision Insurance, 401(k) Plan, Supplemental Life & AD&D, Short & Long-Term Disability Insurance, Flexible Spending Plan, Paid Time Off, Paid Holidays, Professional Development, Employee Referral Bonus, Identity Protection Services. We are proud to be an EEO/AA employer M/F/D/V. We maintain a drug-free workplace and perform pre-employment substance abuse testing as required by the customer.

