Haystack
← Back to Jobs
Administrative

Security Compliance Specialist

SECURE RPO LLCLexington, MA🇺🇸United StatesPosted 14 Jul 2026

Quick Overview

Work Type
Hybrid
Level
Mid Senior

Job Description

Job Title: IT Security Compliance Specialist
Project Duration: 24+ Months
Location: Lexington, MA (Hybrid)
 
Position Overview
The IT Security Risk Auditor performs audits of classified and unclassified Information Systems (IS) to ensure that they are maintained in a compliant manner and are following applicable laws and government regulations, including National Industrial Security Program Operating Manual (NISPOM) guidelines regarding the protection of classified information systems, National Institute of Standards and Technology (NIST) standards and special publications, Cybersecurity Maturity Model Certification (CMMC), DCSA Assessment and Authorization Process Manual (DAAPM), and Laboratory Information System Security Procedures.
The position is responsible for maintaining and auditing programs to validate compliance with government regulations and Laboratory Information Security policies. The role includes conducting comprehensive assessments of management, operational, monitoring, and technical security controls employed within or inherited by Information Systems to determine the overall effectiveness of the controls in meeting Authorization to Operate (ATO), government regulatory, and contractual security requirements.
The candidate will also conduct open-source and internal research to identify current threat indicators, exploits, and vulnerabilities.
 
Responsibilities
  • Conduct audits of classified and unclassified Information Systems (IS).
  • Document audit findings, including non-compliance issues and deviations.
  • Identify potential compliance issues and recommend policy and procedure changes.
  • Support preparation for audit and review activities.
  • Maintain and audit programs to validate compliance with government regulations and Laboratory Information Security policies.
  • Conduct comprehensive assessments of management, operational, monitoring, and technical security controls.
  • Evaluate the effectiveness of security controls in support of Authorization to Operate (ATO) requirements.
  • Perform compliance auditing, security reviews, risk assessments, and vulnerability assessments.
  • Conduct open-source and internal research to identify threat indicators, exploits, and vulnerabilities.
Required Qualifications
  • Bachelor''s degree in Computer Science, Information Technology, Computer Information Systems, or a related field.
  • Minimum seven (7) years of experience conducting risk assessments.
  • Minimum seven (7) years of experience in compliance auditing.
  • Experience with security reviews or vulnerability assessments.
  • Technical experience, coursework completed toward a degree, and industry IT certifications may be considered substitutes for education and experience.
  • Strong verbal and written communication skills.
  • Strong time management skills.
  • Minimum seven (7) years of experience with Microsoft Office Suite, including Excel and PowerPoint.
Required Technical Skills
  • IT system security compliance (NIST, PCI, HIPAA, CMMC)
  • Security Technical Implementation Guides (STIGs)
  • NIST SP 800-53 / Risk Management Framework (RMF)
  • NIST SP 800-171
  • NISPOM (32 CFR Part 117)
  • CNSSI 1253
  • DOD Manual 5205.07 Volumes 1–4
  • FAR/DFARS Safeguarding CUI requirements , etc.)
  • DCSA Assessment and Authorization Process Manual (DAAPM 2.0)
Assessment & Authorization Experience
Experience with one or more of the following:
  • NIST SP 800-53 / Risk Management Framework (RMF)
  • Joint Special Access Program (SAP) Implementation Guide
  • NIST SP 800-171
  • Cybersecurity Maturity Model Certification (CMMC) Framework
  • National Industrial Security Program Operating Manual (NISPOM) Chapter 8
Preferred Qualifications
  • Security+ CE
  • CASP
  • CISSP
  • CISA
  • CCP/CCA or other industry-recognized cybersecurity certification
  • Direct experience with DCSA facility compliance reviews and security audits.

Skills

Microsoft Office

Similar jobs