Senior Cyber Security Compliance Officer

Who We Are:

PEAKE is a thriving small business with a strong emphasis on integrity and a mission-focused approach. We value inspiration, innovation, and the power of fresh perspectives. We are seeking talented individuals who are dedicated to excellence and continuous growth.

We foster an environment that encourages inspiration and innovation. Your ideas and creativity matter to us. We believe that the power of fresh perspectives drives our success and helps us stay ahead of the curve. Your contributions will have a meaningful impact on our company's growth and success.

The Mission:

Guard Enterprise Cyber Operations Support (GECOS) is an IT Service Management contract in support of the operation, modernization, expansion, and further evolution of the ARNG’s global Information Technology (IT) services including networking, compute, storage, infrastructure, applications, hosting, and program management services. The GECOS program supports the ARNG enterprise IT infrastructure, its Wide Area Network (WAN), authentication and directory services, cybersecurity, application hosting, and associated services. GECOS uses ITIL best practices framework as the basis for IT Service Management (ITSM) model.

Who We're Looking For:

We are seeking a self-motivated Senior Cyber Security Compliance Officer to join our team immediately. The ideal candidate will possess proven expertise in cybersecurity compliance, with a strong focus on the operational execution of cybersecurity programs, processes, and practices. This role may function as either an Information Systems Security Officer (ISSO) or an Information Systems Security Manager (ISSM), emphasizing both technical proficiency and leadership capabilities.

An active DoD security clearance (Secret or higher) is required.

Cyber Security Compliance Officer Responsibilities:

Compliance Assessment:
Evaluate ARNG’s adherence to cybersecurity requirements and recommend operational activities, processes, and practices to enhance the cybersecurity program.

Threat Management:
In collaboration with the RCC-NG, identify, protect against, detect, respond to, recover from, and analyze threats to the ARNG enterprise network and its enabling technologies, addressing compliance-related gaps and risks.

Vulnerability Identification:
Support ARNG in identifying vulnerabilities within the enterprise network and its enabling technologies while assessing compliance with cybersecurity requirements and established operational practices.

Secure IT Configuration:
Assist the Government in ensuring secure configuration and obtaining approval for IT components below the system level, coordinating with the RCC-NG and adhering to applicable guidelines before integration into an Army Information System.

eMASS Administration:
Contribute to the implementation, management, and administration of organizational structures and workflows within the eMASS platform.

Certification Enforcement:
Aid in enforcing the DCWF and cybersecurity certification program to ensure training and certification requirements are managed, enforced, and properly reported.

Access Request Management:
Help ARNG implement a documented, streamlined process for reviewing, processing, and approving system access requests.

Compliance Scanning:
Utilize ACAS and other compliance-related tools to scan network devices, ensuring they meet current best practices and CCRI requirements, and verify system configurations and statuses.

Reporting:
Prepare and submit comprehensive security reports (e.g., IAVA, intrusion, virus incidents, FISMA) as required by the Government.

IAVA Compliance Tracking:
Monitor enterprise-level IAVA compliance and report on state efforts toward achieving compliance.

Technical Support for States/Territories:
Assist states and territories with scan policy implementation, asset identification, resolution of plug-in issues, and general troubleshooting related to compliance scans.

Remediation Coordination:
Coordinate with the SOC and RCC-NG to leverage the AESS tools suite, working with states on compliance findings and remediation efforts.

Request Processing:
Process FPA and WCF requests to validate requirements and identify associated risks.

Security Architecture Evaluation:
Collaborate with system owners and administrators to assess security architecture and vulnerabilities through security scans, configuration reviews, analysis of system design documentation, and interviews.

Certification Maintenance:
Maintain relevant baseline certification(s) required for DoD 8570.01-M Information Assurance System Architect and Engineer (IASAE) Level III, such as CompTIA Advanced Security Practitioner (CASP), Certified Information Security Manager (CISM), CompTIA Cybersecurity Analyst (CySA+), or Certified Information Systems Security Professional (CISSP).

Qualifications:

Bachelor's Degree in a technical concentration from an accredited university preferred

Demonstrated expertise in cybersecurity compliance, with experience in program operational execution.

Strong technical acumen combined with proven leadership abilities.

Relevant certifications, such as:

CompTIA Advanced Security Practitioner (CASP)

Certified Information Security Manager (CISM)

CompTIA Cybersecurity Analyst (CySA+)

Certified Information Systems Security Professional (CISSP)

Clearance:

Secret required

Location:

Hybrid (3 days onsite in Arlington/2 days remote)

PEAKE offers great benefits to employees, including: 

Medical, dental and vision coverage

Life insurance

Short- and long-term disability coverage

401k with employer match

Generous PTO: 3 Weeks Flexible Paid Time Off (PTO) plus 11 Paid Holidays

Flexible work schedule

Tuition and/or technical training reimbursement

Employee Referral Program

Opportunity for advancement within company

www.PEAKE.com

Employees are hired based solely on PEAKE personnel requirements and the qualifications of each individual candidate. We do not tolerate nor condone discrimination due to age, race, color, religion, sex, national origin or disability. We will comply with the spirit and letter of all local, state and federal laws pertaining to employment. Furthermore, we will not discriminate due to age, race, color, religion, sex, national origin or disability when making decisions regarding termination of employees.