Senior Cybersecurity Compliance Analyst

ARETUM

πŸ“Remote - United States

Summary

Join Aretum, a mission-driven organization, and become a Security Controls Assessment Lead. Lead and execute end-to-end security control assessments for federal information systems, adhering to NIST SP 800-53 Revision 5 and the Risk Management Framework (RMF). Develop Security Assessment Plans (SAPs), conduct technical evaluations, analyze system artifacts, produce Security Assessment Reports (SARs), and present findings. Coordinate assessor activities, align with CSAM or equivalent tools, and validate compliance documentation. This remote position requires a minimum of 5 years of federal cybersecurity experience, including 3 years leading RMF-based A&A activities. Occasional travel may be required. Aretum is committed to fostering a workplace rooted in excellence, integrity, and equal opportunity for all.

Requirements

  • Minimum of 5 years of experience in federal cybersecurity, with at least 3 years conducting or leading RMF-based assessment and authorization (A&A) activities
  • In-depth knowledge of NIST SP 800-53 Rev. 5, FISMA, and FedRAMP Moderate baselines
  • Demonstrated experience preparing and reviewing RMF documentation (e.g., SAP, SAR, SSP, POA&M, BIA, Contingency Plan)
  • Hands-on proficiency with A&A platforms, preferably CSAM
  • Strong organizational, analytical, and communication skills, with the ability to interface with both technical staff and senior management
  • Proven ability to manage concurrent assessments and track progress through audit-readiness completion
  • Applicants must be U.S. citizens and currently authorized to work in the United States on a full-time basis

Responsibilities

  • The Security Controls Assessment Lead is responsible for leading and executing the end-to-end security control assessment process for federal information systems, aligned with NIST SP 800-53 Revision 5 and the Risk Management Framework (RMF)
  • Responsibilities include development of Security Assessment Plans (SAPs), conducting technical control evaluations and interviews, analyzing system artifacts, producing Security Assessment Reports (SARs), and presenting findings to stakeholders
  • The role involves daily coordination of assessor activities, alignment with CSAM or equivalent tools, and validation of compliance documentation including POA&Ms and RMF lifecycle artifacts such as the BIA, Contingency Plan, Configuration Management Plan, and Privacy Threshold Analysis

Preferred Qualifications

  • Active CISSP, CISM, or equivalent professional security certification (CISSP preferred)
  • Experience supporting agency-specific assessment frameworks or tailoring FedRAMP packages
  • Familiarity with hybrid and cloud-native federal environments, and implementation of continuous monitoring strategies
  • Ability to assess emerging federal directives (e.g., OMB memos, Emergency Directives) and translate them into actionable security guidance

Benefits

This is a remote/work-from-home position
