Lead Cybersecurity Compliance Engineer
Listed on 2026-01-27
IT/Tech
Cybersecurity, Information Security
About Urban Institute
The Urban Institute is a research‑to‑impact institution founded on one simple idea:
To improve lives and strengthen communities, we need practices and policies that work. For more than 50 years, Urban has delivered evidence and solutions that drive meaningful change, and this remains our charge today.
Our Mission:
To drive impact by equipping changemakers with evidence and solutions.
Our Values:
Collaboration, Fairness, Inclusivity, Independence, and Integrity.
The Lead Cybersecurity Compliance Engineer is a senior role within Urban Institute’s Technology & Data Science (TECH) department. This position is responsible for ensuring that key Urban IT systems and cloud services meet federal cybersecurity compliance requirements. In practice, the engineer will manage the FedRAMP Moderate Authority to Operate (ATO) compliance process for designated cloud systems, incorporate security requirements into contracts and procurements, and oversee vendor management, security assessments and audits.
The role also involves performing regular compliance activities such as risk assessments, vulnerability scans, and third‑party audits, updating and maintaining security policies and procedures, and monitoring evolving regulatory standards. This role reports directly to the Senior Director, Infrastructure and Security.
Responsibilities
- Manage the FedRAMP Moderate ATO process for designated Urban cloud systems, including coordinating security documentation (SSPs, gap analyses, PIAs), security assessment reports (SARs), continuous monitoring and required audit activities to meet the NIST‑based FedRAMP Moderate baseline.
- Ensure that system architectures and configurations are designed to align with the required security controls for moderate‑impact information.
- Lead cybersecurity contract reviews for all relevant IT procurements, analyze and update agreements to include necessary security clauses, controls, and compliance requirements.
- Procure and oversee third‑party vendor activities, conduct vendor risk assessments and audits, coordinate cross‑functional vendor review meetings, and verify third‑party adherence to Urban’s security policies.
- Schedule and manage regular security testing and auditing activities for Urban’s FedRAMP environment, including arranging annual Third Party Assessment Organization (3PAO) assessments, external penetration tests and vulnerability assessments, tracking remediation efforts, and reviewing internal audit findings.
- Develop, update, and maintain cybersecurity policies, standards, procedures, and playbooks with support from the Infrastructure and Security team and other Technology & Data Science team members, as necessary.
- Support incident response activities, root cause analysis, and reporting requirements.
- Ensure that all compliance documentation (plans of action and milestones, security checklists) is up‑to‑date and accessible.
- Stay current with federal and industry cybersecurity regulations and frameworks, and translate new requirements into actionable guidance for Urban.
- Coordinate briefings so that Urban teams understand their compliance obligations.
- Work closely with Technology & Data Science leadership, project managers, and stakeholders to integrate compliance requirements into projects and update or modify compliant systems as needed.
- Provide regular status updates on compliance efforts and report any security or compliance gaps to senior management.
- Support the Infrastructure and Security team as needed for general cybersecurity needs and initiatives.
- At least 5 years of experience in cybersecurity or IT compliance, with a strong focus on federal security frameworks and proven experience preparing for and/or maintaining FedRAMP authorizations (especially Moderate or higher).
- Bachelor’s degree in Computer Science, Information Security, or a related field or equivalent experience.
- Experience creating and/or managing system security documentation (SSPs, SARs, POA&Ms) and implementing continuous monitoring programs.
- In‑depth understanding of the NIST SP 800‑53 Rev 5 security control…