Lead Cybersecurity Compliance Engineer

Lead Cybersecurity Compliance Engineer page is loaded## Lead Cybersecurity Compliance Engineer locations:
The Urban Institute (DC) time type:
Full time posted on:
Posted 4 Days Agojob requisition :
R-801622##
** About Urban Institute:
** The Urban Institute is a research-to-impact institution founded on one simple idea:
To improve lives and strengthen communities, we need practices and policies that work. From advancing well-being to fostering shared prosperity, leaders across sectors are working every day to create brighter futures for all people and communities. For more than 50 years, Urban has delivered evidence and solutions that drive meaningful change, and this remains our charge today.##
** Our Mission
** To drive impact by equipping changemakers with evidence and solutions.
** Our Values
** Collaboration, Fairness Inclusivity, Independence, and Integrity For more information on the Urban Institute, please visit .##
*
* The Opportunity:

** The Lead Cybersecurity Compliance Engineer is a senior role within Urban  Institute’s Technology & Data Science (TECH) department. This position is responsible for ensuring that key Urban IT systems and cloud services meet federal cybersecurity compliance requirements. In practice, the engineer will manage the FedRAMP Moderate Authority to Operate (ATO) compliance process for designated cloud systems, coordinate security requirements into contracts and procurements, and oversee vendor management, security assessments and audits.

The role also involves performing regular compliance activities (such as risk assessments, vulnerability scans, and third-party audits), updating and maintaining security policies and procedures, and monitoring evolving regulatory standards. The Lead Cybersecurity Compliance Engineer will sit on the Infrastructure and Security team and report directly to the Senior Director, Infrastructure and Security.

Responsibilities  
• Manage the FedRAMP Moderate ATO process for designated Urban cloud systems. This includes coordinating security documentation (e.g. System Security Plans (SSPs), Gap Analysis, Privacy Impact Assessments (PIAs)), security assessment reports (SARs), continuous monitoring and required audit activities to meet the NIST-based FedRAMP baseline.  
• Ensure that system architectures and configurations are designed to align with the required security controls for moderate-impact information.  
• Lead cybersecurity contract reviews for all relevant IT procurements. Analyze and update agreements to include necessary security clauses, controls, and compliance requirements. Report on Urban’s ability to comply with contractual cybersecurity requirements and level of effort needed to comply where current systems do not meet contractual requirements.  
• Procure and oversee third-party vendor activities. Organize and conduct vendor risk assessments and audits (including cloud providers and SaaS vendors), coordinate cross-functional vendor review meetings, and validate that vendors implement agreed-upon security controls. Maintain strong vendor relationships and verify third-party adherence to Urban’s security policies.  
• Schedule and manage regular security testing and auditing activities for Urban’s FedRAMP environment. This includes arranging annual 3

PAO audits, external penetration tests and vulnerability assessments, tracking remediation efforts, and reviewing internal audit findings.  
• Develop, update, and maintain cybersecurity policies, standards, procedures, and playbooks with support from the Infrastructure and Security team and other Technology and Data Science team members, as necessary.  
• Support incident response activities, root cause analysis, and reporting requirements.  
• Ensure that all compliance documentation (e.g. plans of action and milestones (POA&Ms), security checklists) is up-to-date and accessible.  
• Stay current with federal and industry cybersecurity regulations and frameworks (such as updates to FedRAMP, NIST guidelines, FISMA, etc.). Translate new requirements into actionable guidance for Urban.  
• Coordinate briefings so that Urban teams understand their compliance obligations.  
• Work closely with…