FISMA Compliance Specialist- Senior Level


Full-Time, Direct Hire Position with Full Benefits and Matching 401(k) Plan

Work Location: Columbia, MD


The FISMA Compliance Specialist supports the performance of tasks associated with the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF). This individual supports the preparation of system and security documentation in accordance with Federal Information Security Modernization Act (FISMA) requirements throughout the various stages of the RMF. The FISMA Compliance Specialist works in a team environment and performs assigned tasks with minimal supervision and support. The FISMA Compliance Specialist works closely with system stakeholders to document system information, consult on system/authorization boundary topics, and ensure that applicable security controls are identified and documented appropriately. In addition, the FISMA Compliance Specialist provides support during the assessments of systems to which he/she is assigned by assisting with the tracking and gathering of evidentiary artifacts. After authorization of the system, the FISMA Compliance Specialist supports continuous monitoring by assisting with the scheduling of monitoring activities, maintaining system component inventories, tracking Plan of Action and Milestones (POA&M) entries, and performing user account compliance reviews.

Key Responsibilities:

  • Gather and organize technical information about information systems.
  • Perform boundary scoping exercises and architecture reviews.
  • Develop deliverables associated with a FISMA security package including, but not limited to: System Security Plan, Information System Contingency Plan, Incident Response Plan, Continuous Monitoring Plan.
  • Support the performance of security assessments.
  • Gather and organize artifacts in preparation for security assessments.
  • Maintain information system component inventories.
  • Track and update POA&M entries.
  • Support scheduling of assessments and continuous monitoring activities.

Minimum Requirements:

  • Must be able to obtain (or currently have) a Public Trust.
  • At least 5 years of relevant industry experience in performing RMF-related tasks.
  • At least 5 years of experience with FISMA consulting and/or assessment projects.
  • Thorough understanding of FISMA requirements and NIST guidance.
  • Must be able to work both independently and in a team environment.
  • Must have strong written, verbal, and presentation communication skills.
  • At least one (1) IT Security-related professional certification (e.g., CISSP, CAP).

Preferred Qualifications (Not all of these are mandatory but are considered a plus):

  • Bachelor’s degree in Cyber Security, Computer Science, or related discipline.
  • Experience performing FISMA security assessments.
  • Experience developing ALL documents associated with a FISMA security package.

COACT, Inc. is a leading Service Disabled Veteran Owned Small Business and test laboratory that provides Global IT Security Services, Accredited Evaluations and Testing, and Evidence-Based Compliance Services for traditional, hybrid, and cloud-based systems serving governments and private industry. COACT is ISO 9001:2015 compliant and a Federal Risk and Authorization Management Program (FedRAMP) Accredited Third Party Assessment Organization (3PAO). COACT tiered service offerings range from focused efforts to address specific security objectives, to providing full information security programs for clients in commercial, healthcare, regulatory, defense, and intelligence domains.

To apply for this job email your details to