Security Compliance Engineer

Hybrid - Onsite 1 day per week (Tuesdays)

XOR Security is seeking a Security Engineer to support IT Security Staff (ITSS) with IT Security audit and compliance support. The ITSS within OCIO manages the enterprise IT security program for the Institution. ITSS works closely with IT staff and other personnel from throughout the Institution on IT security initiatives and processes. ITSS consists of the Security Operations Center (SOC), Systems Risk Management (SRM), PCI Compliance, and Security Architecture & Engineering. The Security Engineer will work with ITSS leadership to perform internal IT Security audits and quality reviews, prepare SI for IG audits, assist with tracking of IG audit requests and resolution of audit findings, perform reviews of compliance with SI policies, track SI’s progress in complying with FISMA metrics, and work with the team to resolve any issues discovered.

Duties:

  • Perform internal audits and compliance checks to ensure that SI is compliant with its IT Security policies, procedures, and technical standards.
  • Ongoing review and updating of tracking information and evidence for SI compliance with the FISMA metrics used for the annual IG audit (using our custom Archer application).
  • Perform independent quality assurance checks on System Assessment & Authorization documentation, incident response records, POA&Ms, Key Performance Indicators, policy and procedure documentation, system inventory, etc. and related supporting evidence to ensure they are being maintained effectively.
  • Track findings and make recommendations to stakeholders to ensure resolution of any issues discovered in the audits/reviews.
  • Assist stakeholders with planning remediations if needed.
  • Perform collection and coordination of evidence provided to the IG auditors.
  • Assist with tracking and resolution of findings from IG audits, SI-acquired penetration tests, and other assessments.
  • Work with ITSS leadership to develop procedures for enforcement and escalation related to security policy violations.
  • Provide reports to ITSS and OCIO management based on assessments performed.
  • Make recommendations for enhancing SI’s compliance with requirements and standards, improving audit results, and enhancing IT security at SI.
  • Ensure that SI is prepared for annual IG security audit and that necessary evidence has been reviewed and is ready to be provided.
  • Participate in planning of IT security program improvements to address emerging requirements and risks.
  • Collaborate and communicate effectively with project teams and customers. Develop effective working relationships with colleagues and project stakeholders.
  • Give presentations on findings and recommendations to various audiences.

Required qualifications:

  • 5 years of technical experience
  • CISSP or CASP Certification (Preferred)
  • Bachelor's Degree (Preferred)
  • Experience performing audits, compliance assessments, and quality assurance checks.
  • Knowledge and experience with NIST computer security frameworks and guidelines, including the Risk Management Framework (RMF) and the Cybersecurity Framework (CSF). Understanding of additional security frameworks and best practices such as PCI DSS, CIS, etc. is a plus.
  • In-depth knowledge of computer security best practices and technical concepts.
  • Must be well-organized and detail-oriented.
  • Ability to coordinate, prioritize multiple tasks, and be adaptable to change to accomplish assignments.
  • Excellent writing, interpersonal and communication skills. Must be able to effectively communicate with a variety of audiences in a broad range of formats to inform, collaborate and advise personnel throughout the organization.
  • Ability to work both independently and collaboratively with teams. Must be responsible and capable of working with minimal supervision to effectively achieve the goals stated above, but also work well with others.

Closing Statement:

XOR Security offers a very competitive benefits package including health insurance coverage from first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.

XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.

Citizenship Clearance Requirement:

Applicants selected may be subject to a government security investigation and must meet eligibility requirements – US CITIZENSHIP REQUIRED.