Cybersecurity Compliance Lead

Axle is a bioscience and information technology company that offers advancements in translational research, biomedical informatics, and data science applications to research centers and healthcare organizations nationally and abroad. With experts in biomedical science, software engineering, and program management, we focus on developing and applying research tools and techniques to empower decision-making and accelerate research discoveries. We work with some of the top research organizations and facilities in the country including multiple institutes at the National Institutes of Health (NIH).

Axle is seeking a Cybersecurity Compliance Lead to join our vibrant team at the National Institutes of Health (NIH) supporting the National Center for Advancing Translational Sciences located in Rockville, MD.

Benefits We Offer:

• 100% Medical, Dental & Vision Coverage for Employees
• Paid Time Off and Paid Holidays
• 401K match up to 5%
• Educational Benefits for Career Growth
• Employee Referral Bonus
• Flexible Spending Accounts:
  • Healthcare (FSA)
  • Parking Reimbursement Account (PRK)
  • Dependent Care Assistant Program (DCAP)
  • Transportation Reimbursement Account (TRN)

Zero Trust is currently seeking a “Cybersecurity Compliance Lead” to join our team. The Cybersecurity Compliance Lead will support day-to-day and project-based security activities, POA&M remediations, vulnerabilities impact, and remediation process for the on-premises and cloud environments.

The Cybersecurity Compliance Lead will use their expertise to effectively manage security compliance activities, security waivers, documentation by working and providing guidance to all the stakeholders.

Primary Responsibilities:

· Manage daily Cybersecurity compliance activities.

· Lead and mentor the NCATS CSS Cybersecurity compliance team.

· Lead NCATS Cybersecurity compliance efforts to follow the Risk Management Framework (RMF). Must be familiar with Risk Management Framework (RMF), NIST 800-53 and other Government mandates.

· Have a solid understanding of the ATO preparation and assessment process.

· Schedule and coordinate compliance activities, sessions, and meetings with the stakeholders.

· Provide security controls implementation guidance.

· Be able to effectively work with stakeholders to manage and close POA&Ms.

· Provide effective guidance to the stakeholders on secure baseline configurations.

· Manage documentation in NIH GRC tool.

· Ensure on time delivery of task order deliverables for cybersecurity compliance.

· Manage work through tools such as NIH incident response (IRT) portal, Splunk, ServiceNow, Jira, Confluence etc.

· Aid with the ATO preparations and security controls implementation.

· Establish communications with vendors for the release of newly identified vulnerabilities and to ensure they understand the specialized requirements of the client’s information systems.

· Develop daily, weekly, and annual NCATS security landscape metrics.

· Identify, analyze, and develop mitigation or remediation actions for system and network vulnerabilities.

· Provide notification of potential threats by tracking vulnerabilities and exploits, propagation of worms and viruses.

· Monitor the progress of internal and external organizations to ensure operational requirements are fulfilled for audits and reviews.

Basic Qualifications:

· Bachelor's degree in a relevant technical discipline and 4+ years of overall related experience. 5+ years of additional related years of experience is accepted in lieu of a degree.

· Experience working with NIST 800-xxx series guidance.

· Familiarity with different encryption types.

· Familiarity with Windows/Unix/Linux platforms.

· Familiarity with DevOps pipelines, code scanning, penetration testing etc.

· Proven experience with incident and change management systems such as ServiceNow and Jira.

· Well versed in Active Directory, Office 365, and other platforms.

· Experience in Threat and Vulnerability scanning and remediation methodologies.

· Familiarity with System Incident and Event Management (SIEM) and other logging and monitoring tools.

· Experience in Vulnerability management and threat management tools such as Tenable Nessus, Netsparker, McAfee suite, Palo Alto, Amazon inspector and Cloud Watch etc.

· Experience in a hybrid operations environment providing leadership specified reports based on information received from other system owners and operations team.

Preferred Qualifications:

· BS or MS degree in computer science, computer engineering, information systems, privacy engineering or related field of study.

· CEH, Security Plus. Splunk Power User.

· Excellent communication and presentation skills and the ability to effectively communicate designs, proposals, and results; and negotiate options at management levels

· Proficient in developing briefing materials, administrative, and logistic support.

Disclaimer:The above description is meant to illustrate the general nature of work and level of effort being performed by individuals assigned to this position or job description. This is not restricted as a complete list of all skills, responsibilities, duties, and/or assignments required. Individuals may be required to perform duties outside of their position, job description or responsibilities as needed.

The diversity of Axle’s employees is a tremendous asset. We are firmly committed to providing equal opportunity in all aspects of employment and will not tolerate any illegal discrimination or harassment based on age, race, gender, religion, national origin, disability, marital status, covered veteran status, sexual orientation, status with respect to public assistance, and other characteristics protected under state, federal, or local law and to deter those who aid, abet, or induce discrimination or coerce others to discriminate.

Accessibility: If you need an accommodation as part of the employment process please contact: careers@axleinfo.com