Senior Security and Compliance Specialist (Variable Regular)

Location: Rockville, MD ( Hybrid)

Job Overview: This position is focused on maintaining robust security, compliance, and risk management practices across Client systems. The specialist will play a key role in supporting security governance, ensuring operational compliance, and contributing to the ongoing maturity of Client's cybersecurity program.

The Senior specialist will serve as a subject-matter expert and key contributor, partnering closely with internal teams, external contractors, and federal stakeholders to ensure that all systems and documentation adhere to FISMA, NIST, and NIH security standards.

The variable regular hours role should not exceed 8 hours a week.

Key Responsibilities

Primary Security and Compliance Duties

• Maintain compliance with federal, NIH, and Client cybersecurity frameworks, including FISMA, NIST SP 800-53, and FedRAMP guidelines.
• Assist in the implementation and monitoring of technical and procedural controls that ensure ongoing compliance with NIST security controls and NIH policies.
• Contribute to the preparation, organization, and version control of documentation for governance, risk, and compliance (GRC) initiatives, ensuring accuracy and audit readiness.
• Support the assessment of security baselines, configuration standards, and vulnerability management activities, coordinating with the Client Security Operations Center and other NIH offices.
• Perform hands-on reviews of security documentation such as System Security Plans (SSP), POA&Ms, risk assessments, and audit reports to verify completeness and adherence to standards. Track and report compliance metrics to inform NINDS management on risk posture and mitigation progress.

Mentorship

• Provide peer-level mentoring and expert guidance to LCG and RMB security staff, fostering growth in technical knowledge, documentation standards, and compliance procedures.
• Design and deliver short, targeted workshops focused on process improvement, control validation, and audit preparation (not general end-user training).
• Contribute to the development of reusable training content such as checklists, templates, and security reference guides to support process consistency.
• Collaborate with the training coordinator to identify knowledge gaps and recommend upskilling opportunities in NIST RMF and NIH-specific tools. Model strong documentation discipline and best practices for information assurance, compliance reporting, and risk tracking.

Contract and End-User Engagement

• Coordinate with vendors and contractors throughout the Authorization to Operate (ATO) lifecycle, reviewing compliance artifacts and providing actionable feedback on required corrections.
• Support external teams in preparing required system documentation (e.g., Security Assessment Reports, risk responses, user access documentation).
• Assist in onboarding new contractors and verifying their adherence to NIH and Client security policies, user account management standards, and data protection requirements.
• Facilitate communication between internal compliance teams and external entities to ensure consistent application of security controls.
• Provide ongoing oversight and validation for approximately 500 end users and 6-10 external contractors.