FISMA Compliance Support Lead

LCG, Inc.
$100,000.00 - $200,000.00 / yr
retirement plan
United States, Maryland
Sep 13, 2025

FISMA Compliance Support Lead

Location: Bethesda, MD (Onsite with some Hybrid flexibility)

Job Overview: LCG is seeking a highly skilled FISMA Compliance Support Lead to manage and implement FISMA compliance across a Client's IT systems. The FISMA Compliance Support Lead will serve as the senior subject matter expert for Federal Information Security Modernization Act (FISMA) compliance, providing expertise in security assessments, documentation review, risk analysis, and reporting. The role requires hands-on knowledge of federal compliance frameworks, cybersecurity tools, and the ability to collaborate with technical and business stakeholders.

The role partners closely with the Client Information System Security Officer (ISSO) to provide program, project, task, risk, and issue management; participates in recurring status meetings; and aligns all activities to the Client's Information Security & Privacy program goals.

Key Responsibilities

Compliance Oversight

  • Ensure the effective implementation of annual FISMA reporting review requirements.
  • Review and validate security documentation for Client's systems, ensuring FISMA compliance is implemented, tracked, and monitored.
  • Provide subject matter expertise for Security Assessment and Authorization (A&A) processes in a federal IT environment.
  • Independently perform Security Authorization of information systems using NIST SP 800-53 Rev. 5 controls; determine control effectiveness and document findings to support credible, risk-based ATO decisions.
  • Lead the three Security Authorization phases and associated artifacts.
  • Maintain all ATO documentation in CSAM and submit/track POA&Ms weekly/monthly with System Owners, CIO, and ISSO.

Cybersecurity & Risk Management

  • Research, analyze, and report on trends using publicly available and internal cybersecurity data.
  • Monitor emerging cybersecurity tools (BigFix, Splunk, Tripwire, Cylance, Tenable, etc.) to support compliance and risk reduction.
  • Track vulnerability advisories, errata, alerts, and bulletins to ensure risks are identified, disseminated, and mitigated.
  • Collaborate with IT Security teams to ensure technical controls meet FISMA, NIST, and NIH standards.
  • Implement and mature Continuous Diagnostics & Mitigation (CDM) capabilities: monitor scans for all systems, alert technical POCs to risks, and provide mitigation guidance.
  • Support enterprise vulnerability management with credentialed scans, risk analysis, remediation guidance, and integration with NIH capabilities; monitor external vulnerability sources and advise on mitigation priorities.
  • Execute Risk Management Framework activities and contribute to the Client risk management program.

Documentation and Reporting

  • Prepare, review, and update System Security Plans (SSPs), security controls documentation, and risk assessments.
  • Develop compliance reports and metrics to measure Client's security posture.
  • Support audits, inspections, and annual security reviews by federal oversight bodies.
  • Maintain technical controls and organizational processes that ensure continuous compliance.
  • Lead weekly, monthly, and quarterly customer meetings; produce agendas, minutes, dashboards, and track action items and deliverables.
  • Translate security concepts into actionable recommendations; perform detail-oriented system documentation and updates to execute ATO support duties.

Leadership and Stakeholder Engagement

  • Work with program management, IT operations staff, and system owners to align compliance activities with Client's objectives.
  • Provide training, guidance, and subject matter expertise on FISMA requirements to stakeholders.
  • Communicate compliance findings and recommendations effectively to both technical and non-technical audiences.
  • Coordinate with NIH/CIT, Client OIT, and cross-contractor teams to ensure consistent policy interpretation, inheritance planning (NIH Inheritability Matrix/InfoSec Control Catalog), and alignment with enterprise changes affecting compliance.

Incident & Data Protection Collaboration

  • Support incident response coordination with NIH Incident Response and Privacy teams; assist with forensic analysis, threat intelligence, and related reporting when compliance issues intersect with incidents.
  • Support Data Loss Prevention and sensitive-data discovery/reporting activities to safeguard data at rest, in use, and in transit.

Service Levels & Coverage

  • Support compliance activities within a 24x7 operating context for network/cybersecurity functions, including participation in defined escalation/communication protocols during Non-Core Business Hours and maintenance weekends (first Saturday monthly).
  • Work with OIT to uphold SLA expectations and root-cause analysis requirements for major incidents (S1/S2/S3), ensuring timely, audit-ready documentation.

Requirements

  • 4-6 years of hands-on experience providing technology leadership in FISMA compliance.
  • 3+ years of experience with emerging cybersecurity tools (Splunk, Tripwire, BigFix, Tenable, Cylance, etc.).
  • Experience with Security Assessment and Authorization (A&A) processes in a federal environment.
  • Bachelor's degree in Computer Science, Engineering, or related STEM field (an additional 4 years of relevant experience may substitute).
  • 10+ years of cybersecurity-related experience overall.
  • Certifications: Active CISSP, CISA, CISM, SSCP, or equivalent.
  • Prior federal government IT security and FISMA compliance experience.
  • Strong skills in strategic thinking, negotiation, multi-tasking, conflict management, and time management.
  • Expert-level proficiency in Microsoft Word, Excel, PowerPoint, and Visio.
  • Familiarity with ServiceNow or other IT ticketing systems.
  • Ability to anticipate changes and recommend proactive compliance solutions.
  • Strong written and oral communication skills with the ability to clearly convey compliance requirements to stakeholders.
  • Ability to work independently while also thriving in an integrated, cross-functional team environment.
  • Hands-on use of CSAM for ATO lifecycle management, including POA&M submission and status reporting cadence.
  • Developing inheritance matrices and leveraging NIH tailored templates and control catalogs for on-prem and cloud systems.
  • Leading CDM and enterprise vulnerability management activities and coordinating remediation with System Owners and Workstream Leads.

Compensation and Benefits

The projected compensation range for this position is $100,000 to $200,000 per year benchmarked in the Washington DC Metro area. The salary range provided is a good faith estimate representative of all experience levels. Salary at LCG is determined by various factors, including but not limited to role, location, the combination of education/training, knowledge, skills, competencies, certifications, and work experience.

LCG offers a competitive, comprehensive benefits package which includes health insurance options (medical, dental, vision), life and disability insurance, retirement plan contributions, as well as paid leave, federal holidays, professional development, and lifestyle benefits.

Devoted to Fair and Inclusive Practices

All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law.

If you are interested in applying for employment with LCG and need special assistance or an accommodation to apply for a posted position, contact our Human Resources department by email at hr@lcginc.com.

Securing Your Data

Beware of fraudulent job offers using LCG's name. LCG will never request payment-related details or advancement of money during the application process. Legitimate communication will only come from lcginc.com or system@hirebridgemail.com emails, not free commercial services like Gmail or WhatsApp. If you receive suspicious emails asking for payment or personal information, contact us immediately at hr@lcginc.com.

If you believe you are the victim of a scam, contact your local law enforcement and report the incident to the U.S. Federal Trade Commission.
