
Senior Cybersecurity Engineer - Compliance & Risk Management

Job in Alexandria, Fairfax County, Virginia, 22350, USA
Listing for: Human Resources Research Organization (HumRRO)
Full Time position
Listed on 2025-12-01
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Job Description & How to Apply Below

Overview

Senior Cybersecurity Engineer - Compliance & Risk Management is a role at Human Resources Research Organization (HumRRO). The organization is a non-profit leader in developing high-impact services and products in employment, military, student testing, and professional credentialing and licensure.

As a non-profit, HumRRO focuses on science and society, with a collaborative and supportive environment. The organization supports diversity, equity, and inclusion for all staff.

About The Job

We are seeking a Senior Cybersecurity Engineer to lead enterprise compliance and security programs across federal, state, and private sector engagements. This role manages multiple compliance frameworks including CMMC, FedRAMP, SCRM, NIST 800-171/800-53, and ISO 27001:2022. You will work on compliance standards across hybrid cloud environments, lead a team of junior engineers conducting vulnerability assessments and security scanning operations, create security documentation, develop compliance policies, respond to time-critical security requirements from clients, and manage third-party compliance audits.

Responsibilities
  • Lead enterprise cybersecurity compliance programs (CMMC, FedRAMP, SCRM, NIST frameworks, ISO 27001:2022)
  • Manage monthly compliance reporting and KPI dashboards for executive leadership
  • Coordinate third-party compliance audits (NIST 800-171, CMMC, ISO 27001, FedRAMP) and remediation activities
  • Maintain compliance evidence catalogs and SaaS compliance implementation controls
  • Evaluate and implement security controls across software applications and cloud platforms (AWS, Azure, and Office 365)
  • Oversee RMF processes for government contract organizations and DoD applications (ATO/IATT/IATO documentation)
  • Conduct weekly POA&M reviews and monthly security assessments
  • Develop and maintain security policies, procedures, and technical standards
  • Lead vulnerability management programs, conduct security assessments, and coordinate penetration testing
  • Manage business continuity of operations (COOP) including disaster recovery and crisis management
  • Lead incident response and security event investigation
  • Mentor and manage junior cybersecurity engineers and analysts
  • Interface with federal agencies, auditors, and compliance assessors
  • Collaborate with system architects for security requirements on cloud workloads, migrations, and hybrid environments
  • Oversee customer cybersecurity questionnaires and qualifications with time-critical deadlines
  • Coordinate with HumRRO Contracts Division on written responses to RFPs regarding IT security, data privacy and regulatory compliance
  • Assist with C-SCRM program implementation and administration
  • Develop compliance documentation and security narratives for proposals
  • Support business development with technical security expertise
  • Act as subject matter expert on internal security controls and regulations
Minimum Requirements
  • US Citizen with ability to obtain/maintain security clearance
  • On-site in Alexandria, VA (up to 2 remote days after probation)
  • Bachelor's degree in Cybersecurity, Computer Science, or equivalent field (work experience may be considered in lieu of degree)
  • 7+ years of cybersecurity engineering and compliance experience
  • 5+ years of enterprise experience managing Risk and Compliance across multiple regulatory frameworks
  • Existing Security+ certification or ability to obtain within 6 months (CISSP, CCSP, or CISM preferred)
  • Deep expertise in NIST 800-171/800-53, RMF, and DoD compliance frameworks
  • Hands-on experience with CMMC and FedRAMP authorization processes
  • Proficiency in Office 365 security configuration and management
  • Experience with vulnerability scanning tools (ACAS, Nessus, Rapid7, Qualys)
  • Strong analytical and information-gathering skills with ability to manage multiple tasks under deadlines
  • Excellent communication skills for stakeholder engagement
Preferred
  • Active DoD clearance
  • Experience in nonprofit sector IT management
  • CMMC CCP or CCA
  • Experience with FedRAMP 3PAO assessments
  • Knowledge of Supply Chain Risk Management (SCRM) frameworks
  • AWS certifications (Solutions Architect, Security Specialty)
  • DevSecOps pipeline integration and IaC experience
  • CISSP, CCSP, CISM, or CISSP-ISSAP…
Position Requirements
10+ Years work experience