Location: Rockville, MD
Work Type: Hybrid Work (minimum 2 days onsite; may extend based on client meetings, delivery needs, and proposal support)
Job Title: Lead Compliance Specialist
Clearance: Public Trust
Job Summary: The Lead Compliance Specialist provides senior-level cybersecurity compliance leadership supporting the HHS Client under the guidance of the CIO, CISO, and Senior Agency Official for Privacy (SAOP). The role leads Security Assessment & Authorization (SA&A) activities using the NIST Risk Management Framework (RMF) to ensure ongoing FISMA compliance across SAMHSA information systems, while also supporting federal privacy compliance activities such as PIAs and SORNs.
Key Responsibilities
Lead RMF-based SA&A Execution (ATO / Reauthorization / Assessment Cycles)
- Lead SA&A workload planning and execution for new and existing systems requiring authorization activities, including scheduling, coordination, and workload management.
- Provide security expertise to ensure consistent application of SA&A processes across all SAMHSA systems and verify compliance with FISMA, NIST, HHS, and SAMHSA standards.
- Identify system data types (FIPS 199) and define/validate authorization boundaries prior to assessments.
Control Selection, Tailoring, and Artifact Development/Quality
- Assist system owners/stakeholders with security and privacy control selection and tailoring based on system architecture, and ensure controls are implemented and reflected in current documentation.
- Develop and execute FISMA assessment test plans (initial and reassessments) and drive assessment readiness within required timelines.
- Gather, examine, and analyze evidence/artifacts for control assessment and remediation verification; determine risk/severity and ensure results are recorded in the agency repository.
- Prepare and/or revise SA&A packages within required timelines following assessment completion, ensuring alignment with federal and agency requirements.
- Review/revise SA&A documentation for consistency across interrelated package components (e.g., SSP/SAP/SAR and supporting artifacts), including required revisions and standardization improvements.
Stakeholder Briefings, Corrective Actions, and Findings Closure
- Brief system owners/stakeholders, the CISO, and Authorizing Official; provide risk-based recommendations and corrective action guidance for non-compliant controls.
- Document assessment activities and results in sufficient detail to support external review; support government FISMA team reviews of assessment reports and conclusions.
Continuous Monitoring / Ongoing Authorization Support
- Support implementation and execution of a NIST SP 800-137 continuous monitoring process, including periodic control assessments and evaluation of significant changes.
- Conduct security and privacy impact analyses related to changes that affect an information system's ATO and support transition to Ongoing Authorization.
Compliance Scanning, POA&M Governance, and Remediation Validation
- Coordinate enterprise-wide compliance/vulnerability testing and scanning; track results in the HHS GRC tool and prepare monthly reports.
- Manage and validate remediation activities in alignment with HHS POA&M policy, including evidence review from third-party vendors as required.
FISMA Reporting + Data Calls / Audit Evidence Packages
- Support compilation of monthly/quarterly/annual FISMA reporting and maintain system inventories and POA&Ms in RSA Archer (or successor GRC tool).
- Determine, gather, analyze, and quality-review evidence for HHS/internal/external audits and data calls (e.g., GAO/OIG), and brief the CISO ahead of suspense dates.
Privacy Compliance Support (PIA / SORN / Privacy Act Processes)
- Support the SAOP by maintaining privacy program alignment, tracking systems with PII, and managing requirements for PIAs and SORNs (including updates and public posting requirements).
- Develop Privacy Threshold Analysis/PIA within required timelines and support SORN lifecycle processes (creation/decommission; Federal Register publication tracking).
Requirements
Education: Bachelor's degree (or related undergraduate degree) consistent with compliance/security roles supporting federal SA&A and policy requirements.
Certification:
- Required (one): CISSP or CAP or Security+.
- Preferred: Baltimore Cyber Range (BCR) Cybersecurity Technical Proficiency.
Experience:
- Minimum 5 years of cybersecurity experience with a solid understanding of FISMA, NIST, and federal privacy laws (e.g., Privacy Act of 1974, HIPAA, etc.).
- Demonstrated experience leading or coordinating RMF SA&A activities end-to-end, including workload planning, control selection/tailoring, assessment test planning/execution, artifact quality control, and findings remediation closure.
- Experience supporting privacy compliance deliverables (PIA/SORN tracking, Privacy Act clearance support, public posting requirements).
- Extensive experience with federal cybersecurity and privacy requirements and leading SA&A activities using NIST RMF in compliance with FISMA.
- Strong working knowledge of FIPS 199, control implementation evidence, and maintaining assessment-ready documentation to support external review.
- Ability to develop/execute assessment plans, analyze artifacts, assign risk/severity, and provide actionable remediation guidance to stakeholders.
- Familiarity with federal privacy laws and processes (e.g., Privacy Act and related requirements) and PIA/SORN workflows.
Tools Set / Platforms
- RSA Archer (or successor GRC tool) for system inventory, POA&Ms, and compliance tracking.
- SA&A/RMF artifacts and evidence management including (as applicable): SSP, SAP, SAR, POA&M, assessment evidence, remediation validation packages.
- Vulnerability/compliance scan reporting inputs and remediation coordination outputs (monthly scanning/reporting expectation).
Compensation and Benefits
The projected compensation range for this position is $60,000 to $130,000 per year, benchmarked in the Washington, D.C. metropolitan area. Salary at LCG is determined by various factors, including but not limited to role, location, education/training, skills, certifications, and experience. LCG offers a competitive and comprehensive benefits package including medical, dental, and vision insurance, life and disability insurance, retirement plan contributions, paid leave, federal holidays, professional development opportunities, and lifestyle benefits.
Devoted to Fair and Inclusive Practices
All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. If you are interested in applying for employment with LCG and need special assistance or an accommodation to apply for a posted position, contact Human Resources at hr@lcginc.com.
Securing Your Data
Beware of fraudulent job offers using LCG's name. LCG will never request payment-related details or advance payment during the application process. Legitimate communication will only come from lcginc.com or system@hirebridgemail.com email addresses.