Job Requirements
Washington, DC
Public Trust Polygraph Unspecified
Career Level not specified
Salary not specified
Join Premium to unlock estimated salaries
Job Description
Koniag Data Solutions, LLC, a Koniag Government Services company, is seeking a Security Policy and Compliance Lead to support KDS and our government customer in Washington, DC. This position requires the candidate to be able to obtain a Public Trust.
We offer competitive compensation and an extraordinary benefits package including health, dental and vision insurance, 401K with company matching, flexible spending accounts, paid holidays, three weeks paid time off, and more.
Koniag Data Solutions, a Koniag Government Services company, is seeking an experienced Security Policy and Compliance Lead to support the U.S. Small Business Administration (SBA). The ideal candidate is a seasoned cybersecurity professional with deep expertise in federal security policy development, compliance program management, and the application of federal cybersecurity frameworks and regulations within complex federal government environments. This individual will serve as the primary subject matter expert (SME) for security policy and compliance activities at the SBA, providing strategic guidance, technical leadership, and hands-on program management to ensure the agency's cybersecurity policies, procedures, and practices align with applicable federal laws, regulations, executive orders, and industry best practices.
The Security Policy and Compliance Lead will serve as the senior expert responsible for leading and managing SBA's security policy and compliance programs, ensuring the agency's cybersecurity posture aligns with federal security requirements, regulatory obligations, and organizational risk tolerance.
Principal responsibilities will include but are not limited to:
Education and Experience:
Required:
Desired:
Required Skills and Competencies:
Desired Skills and Competencies:
Our Equal Employment Opportunity Policy
The company is an equal opportunity employer. The company shall not discriminate against any employee or applicant because of race, color, religion, creed, ethnicity, sex, sexual orientation, gender or gender identity (except where gender is a bona fide occupational qualification), national origin or ancestry, age, disability, citizenship, military/veteran status, marital status, genetic information or any other characteristic protected by applicable federal, state, or local law. We are committed to equal employment opportunity in all decisions related to employment, promotion, wages, benefits, and all other privileges, terms, and conditions of employment.
The company is dedicated to seeking all qualified applicants. If you require an accommodation to navigate or apply for a position on our website, please get in touch with Heaven Wood via e-mail at accommodations@koniag-gs.com or by calling 703-488-9377 to request accommodations.
Koniag Government Services (KGS) is an Alaska Native Owned corporation supporting the values and traditions of our native communities through an agile employee and corporate culture that delivers Enterprise Solutions, Professional Services and Operational Management to Federal Government Agencies. As a wholly owned subsidiary of Koniag, we apply our proven commercial solutions to a deep knowledge of Defense and Civilian missions to provide forward leaning technical, professional, and operational solutions. KGS enables successful mission outcomes for our customers through solution-oriented business partnerships and a commitment to exceptional service delivery. We ensure long-term success with a continuous improvement approach while balancing the collective interests of our customers, employees, and native communities. For more information, please visit www.koniag-gs.com .
Equal Opportunity Employer/Veterans/Disabled. Shareholder Preference in accordance with Public Law 88-352
We offer competitive compensation and an extraordinary benefits package including health, dental and vision insurance, 401K with company matching, flexible spending accounts, paid holidays, three weeks paid time off, and more.
Koniag Data Solutions, a Koniag Government Services company, is seeking an experienced Security Policy and Compliance Lead to support the U.S. Small Business Administration (SBA). The ideal candidate is a seasoned cybersecurity professional with deep expertise in federal security policy development, compliance program management, and the application of federal cybersecurity frameworks and regulations within complex federal government environments. This individual will serve as the primary subject matter expert (SME) for security policy and compliance activities at the SBA, providing strategic guidance, technical leadership, and hands-on program management to ensure the agency's cybersecurity policies, procedures, and practices align with applicable federal laws, regulations, executive orders, and industry best practices.
The Security Policy and Compliance Lead will serve as the senior expert responsible for leading and managing SBA's security policy and compliance programs, ensuring the agency's cybersecurity posture aligns with federal security requirements, regulatory obligations, and organizational risk tolerance.
Principal responsibilities will include but are not limited to:
- Serve as the primary subject matter expert (SME) and program lead for SBA's security policy and compliance programs, providing strategic direction, technical guidance, and hands-on leadership to ensure the agency's cybersecurity policies, procedures, and practices meet all applicable federal security requirements and regulatory obligations.
- Lead the development, review, maintenance, and continuous improvement of SBA's cybersecurity policy framework, including agency-wide security policies, standards, procedures, guidelines, and baselines, ensuring alignment with NIST, FISMA, OMB, and CISA requirements and directives.
- Oversee and manage SBA's compliance program, ensuring the agency's IT systems, security controls, and operational practices comply with applicable federal cybersecurity laws, regulations, executive orders, and OMB mandates, including FISMA, OMB Circular A-130, and relevant CISA Binding Operational Directives (BODs) and Emergency Directives (EDs).
- Lead and support the NIST Risk Management Framework (RMF) process across SBA's system portfolio, providing expert guidance on security categorization, control selection, implementation, assessment, authorization, and continuous monitoring activities.
- Develop, maintain, and continuously improve SBA's continuous monitoring program, including the development of monitoring strategies, assessment schedules, and reporting mechanisms to track the ongoing security posture of SBA's information systems and report compliance status to agency leadership.
- Oversee the preparation and submission of SBA's annual FISMA reporting requirements, coordinating with system owners, security control assessors, and agency leadership to compile accurate and comprehensive FISMA metrics and performance data.
- Collaborate with SBA IT teams, system owners, program offices, and the Office of Inspector General (OIG) to address audit findings, compliance gaps, and POA&M (Plan of Action and Milestones) items, developing and tracking corrective action plans to ensure timely resolution.
- Lead the development and maintenance of SBA's Plan of Action and Milestones (POA&M) program, overseeing the identification, tracking, prioritization, and remediation of security weaknesses and compliance deficiencies across SBA's system portfolio.
- Provide expert guidance and support for third-party security assessments, audits, and evaluations, including those conducted by the OIG, GAO, and other oversight bodies, coordinating SBA's response to audit findings and recommendations.
- Develop and maintain a comprehensive security compliance roadmap and reporting framework, providing SBA leadership with regular visibility into the agency's compliance posture, outstanding risks, and remediation progress.
- Monitor and analyze changes to federal cybersecurity laws, regulations, executive orders, OMB guidance, and CISA directives, assessing their impact on SBA's security policy and compliance programs and leading the timely implementation of required program updates and changes.
- Collaborate with the Cybersecurity Architect, SOC, privacy, and other cybersecurity program teams to ensure security policies and compliance requirements are integrated into technical operations, system design, and security architecture activities.
- Develop and deliver security policy and compliance awareness training and briefings to SBA personnel, system owners, and leadership, fostering a culture of security compliance and shared accountability across the agency.
- Support the development and maintenance of SBA's cybersecurity strategy and roadmap, providing expert input on policy and compliance considerations to inform agency-wide security investment and improvement decisions.
- Serve as a liaison with external stakeholders, including OMB, CISA, DHS, and other federal agencies, on security policy and compliance matters, representing SBA's interests and ensuring alignment with governmentwide cybersecurity policy initiatives and mandates.
Education and Experience:
Required:
- Bachelor's degree in Cybersecurity, Information Technology, Information Assurance, Computer Science, or a related field from an accredited college or university.
- 8+ years of progressive experience in cybersecurity policy, compliance, information assurance, or a related field, with at least 3 years in a lead or senior role managing federal security policy and compliance programs.
- Demonstrated experience managing federal cybersecurity compliance programs, including FISMA reporting, RMF implementation, and POA&M management, within a federal government agency or supporting a federal government customer.
- In-depth knowledge of federal cybersecurity laws, regulations, and guidance, including FISMA, OMB Circular A-130, NIST SP 800-53, NIST RMF, and applicable CISA BODs and EDs.
- One or more of the following certifications:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- GIAC Security Essentials (GSEC)
- GIAC Certified Enterprise Defender (GCED)
- CompTIA Security+ (with demonstrated senior-level experience in policy and compliance roles)
- Certified Authorization Professional (CAP) / ISC2 Certified in Governance, Risk and Compliance (CGRC)
Desired:
- Master's degree in Cybersecurity, Information Assurance, Public Administration, or a related field.
- 10+ years of experience in federal cybersecurity policy and compliance program management, with demonstrated experience supporting a federal civilian agency of similar size and complexity to the SBA.
Required Skills and Competencies:
- Exceptional communication skills in English - both written and oral - with the ability to clearly communicate complex security policy, compliance, and regulatory requirements to diverse audiences, including technical staff, program managers, system owners, and senior agency leadership.
- Deep expertise in federal cybersecurity frameworks, laws, and regulations, including FISMA, OMB Circular A-130, NIST SP 800-53, NIST RMF, NIST CSF, and applicable CISA BODs, EDs, and guidance documents.
- Comprehensive knowledge of the NIST Risk Management Framework (RMF) process, including security categorization (FIPS 199), control selection and tailoring (NIST SP 800-53), security assessment (NIST SP 800-53A), authorization, and continuous monitoring (NIST SP 800-137).
- Strong experience developing, reviewing, and maintaining federal cybersecurity policy documentation, including agency security policies, standards, procedures, guidelines, system security plans (SSPs), and security assessment reports (SARs).
- Demonstrated experience leading and managing federal FISMA compliance programs, including the preparation and submission of annual FISMA reports, performance metrics, and supporting documentation.
- Experience developing and managing POA&M programs, including the identification, tracking, prioritization, and remediation of security weaknesses and compliance deficiencies across complex federal system portfolios.
- Proficiency in developing and managing continuous monitoring programs, including the development of monitoring strategies, assessment schedules, and compliance reporting mechanisms aligned with NIST SP 800-137 and CISA CDM program requirements.
- Experience supporting third-party security audits, assessments, and evaluations, including those conducted by the OIG, GAO, and independent assessors, and coordinating agency responses to audit findings and recommendations.
- Strong knowledge of federal IT governance frameworks and their relationship to cybersecurity policy and compliance, including OMB IT governance requirements, Federal Enterprise Architecture (FEA), and FITARA.
- Ability to develop and deliver effective security policy and compliance awareness training and briefings to diverse federal agency audiences, including technical staff, program managers, and senior leadership.
- Strong analytical and problem-solving skills, with the ability to assess complex compliance challenges, identify root causes, and develop practical, risk-informed remediation strategies.
- Ability to obtain and maintain a Public Trust Clearance.
Desired Skills and Competencies:
- Prior experience supporting SBA or other federal civilian agency security policy and compliance programs, with demonstrated knowledge of SBA's mission, IT environment, and cybersecurity compliance obligations.
- Experience with GRC (Governance, Risk, and Compliance) platforms and tools, such as Archer, ServiceNow GRC, CSAM, or similar, for managing security compliance, POA&M tracking, and RMF documentation within a federal environment.
- Familiarity with cloud security compliance requirements, including FedRAMP authorization processes, FedRAMP continuous monitoring requirements, and the security compliance implications of cloud service adoption within federal agencies.
- Knowledge of supply chain risk management (SCRM) frameworks and their integration into federal agency cybersecurity policy and compliance programs, including NIST SP 800-161 and applicable OMB guidance.
- Experience supporting federal agency responses to CISA Binding Operational Directives (BODs) and Emergency Directives (EDs), including the development and tracking of agency implementation plans and compliance reporting.
- Familiarity with the CDM (Continuous Diagnostics and Mitigation) program, its tools and data requirements, and the integration of CDM capabilities into agency continuous monitoring and compliance programs.
- Experience developing and managing cybersecurity policy and compliance programs that address emerging technology areas, including artificial intelligence, cloud computing, and zero trust architecture implementation.
- Knowledge of federal records management requirements and their intersection with cybersecurity policy and compliance obligations, including NARA guidance and federal records schedules.
- Experience supporting federal agency interactions with oversight bodies, including the OIG, GAO, and congressional oversight committees, on cybersecurity policy and compliance matters.
- Familiarity with privacy law and its intersection with cybersecurity policy and compliance, including the Privacy Act of 1974, OMB privacy guidance, and NIST privacy controls.
- Certified in Risk and Information Systems Control (CRISC) certification.
- Experience developing enterprise cybersecurity compliance dashboards, scorecards, and executive reporting mechanisms to provide agency leadership with real-time visibility into compliance posture and risk levels.
Our Equal Employment Opportunity Policy
The company is an equal opportunity employer. The company shall not discriminate against any employee or applicant because of race, color, religion, creed, ethnicity, sex, sexual orientation, gender or gender identity (except where gender is a bona fide occupational qualification), national origin or ancestry, age, disability, citizenship, military/veteran status, marital status, genetic information or any other characteristic protected by applicable federal, state, or local law. We are committed to equal employment opportunity in all decisions related to employment, promotion, wages, benefits, and all other privileges, terms, and conditions of employment.
The company is dedicated to seeking all qualified applicants. If you require an accommodation to navigate or apply for a position on our website, please get in touch with Heaven Wood via e-mail at accommodations@koniag-gs.com or by calling 703-488-9377 to request accommodations.
Koniag Government Services (KGS) is an Alaska Native Owned corporation supporting the values and traditions of our native communities through an agile employee and corporate culture that delivers Enterprise Solutions, Professional Services and Operational Management to Federal Government Agencies. As a wholly owned subsidiary of Koniag, we apply our proven commercial solutions to a deep knowledge of Defense and Civilian missions to provide forward leaning technical, professional, and operational solutions. KGS enables successful mission outcomes for our customers through solution-oriented business partnerships and a commitment to exceptional service delivery. We ensure long-term success with a continuous improvement approach while balancing the collective interests of our customers, employees, and native communities. For more information, please visit www.koniag-gs.com .
Equal Opportunity Employer/Veterans/Disabled. Shareholder Preference in accordance with Public Law 88-352
group id: 10201473