Senior Cybersecurity Compliance Analyst

Aretum is a mission-driven organization committed to delivering innovative, technology-enabled solutions to our customers across defense, civilian, and homeland security sectors. Our teams work at the intersection of strategy, technology, and transformation, helping agencies solve their most critical challenges. We believe in investing in our people and creating a culture where collaboration, inclusion, and professional growth are at the forefront.

Join us to be part of meaningful work that drives national impact and grow your career alongside exceptional peers.

Job Summary

Due to the nature of our work as a federal consulting organization, employees may be expected to handle Controlled Unclassified Information (CUI) and must adhere to applicable safeguarding and compliance requirements. Additionally, all team members may be called upon to support proposal efforts as needed. This could include resume formatting, providing skills alignment summaries, participating in meetings, or contributing to solutioning activities based on subject matter expertise or functional experience.

Responsibilities

· The Security Controls Assessment Lead is responsible for leading and executing the end-to-end security control assessment process for federal information systems, aligned with NIST SP 800-53 Revision 5 and the Risk Management Framework (RMF).

· Responsibilities include development of Security Assessment Plans (SAPs), conducting technical control evaluations and interviews, analyzing system artifacts, producing Security Assessment Reports (SARs), and presenting findings to stakeholders.

· The role involves daily coordination of assessor activities, alignment with CSAM or equivalent tools, and validation of compliance documentation including POA&Ms and RMF lifecycle artifacts such as the BIA, Contingency Plan, Configuration Management Plan, and Privacy Threshold Analysis.

· Minimum of 5 years of experience in federal cybersecurity, with at least 3 years conducting or leading RMF-based assessment and authorization (A&A) activities

· In-depth knowledge of NIST SP 800-53 Rev. 5, FISMA, and FedRAMP Moderate baselines

· Demonstrated experience preparing and reviewing RMF documentation (e.g., SAP, SAR, SSP, POA&M, BIA, Contingency Plan)

· Hands-on proficiency with A&A platforms, preferably CSAM

· Strong organizational, analytical, and communication skills, with the ability to interface with both technical staff and senior management

· Proven ability to manage concurrent assessments and track progress through audit-readiness completion

Preferred Qualifications

· Active CISSP, CISM, or equivalent professional security certification (CISSP preferred)

· Experience supporting agency-specific assessment frameworks or tailoring FedRAMP packages

· Familiarity with hybrid and cloud-native federal environments, and implementation of continuous monitoring strategies

· Ability to assess emerging federal directives (e.g., OMB memos, Emergency Directives) and translate them into actionable security guidance

Environment & Physical Requirements

• This is a remote/work-from-home position. The employee is expected to maintain a professional and distraction-free home office environment with reliable internet access and the ability to participate in video and audio calls during standard working hours. Standard office equipment such as a computer, phone, and webcam will be used regularly. 

• The physical demands described here are representative of those that must be met to successfully perform the essential functions of this job: 
• Prolonged periods of sitting and working on a computer. 
• Frequent use of hands and fingers to operate computer and telephone equipment. 
• Must be able to lift up to 15 pounds occasionally (e.g., moving equipment). 
• Ability to participate in virtual meetings and communicate clearly via video/audio platforms. 

Travel Requirement

This is a remote position; however, occasional travel may be required based on project needs, client meetings, team collaboration events, or training sessions. Travel is expected to be less than 10% and will be communicated in advance whenever possible. 

EEO & Pay Transparency Statement

Aretum is committed to fostering a workplace rooted in excellence, integrity, and equal opportunity for all. We adhere to merit-based hiring practices, ensuring that all employment decisions are made based on qualifications, skills, and ability to perform the job, without preference or consideration of factors unrelated to job performance.

As an Equal Opportunity Employer, Aretum complies with all applicable federal, state, and local employment laws.

We are proud to support our nation’s veterans and military families, providing career opportunities that honor their service and experience.

If you require a reasonable accommodation during the hiring process due to a disability, please contact our Talent Acquisition team for assistance.

In compliance with Executive Order 13665, Aretum will not discharge or otherwise discriminate against employees or applicants for inquiring about, discussing, or disclosing their own pay or that of another employee or applicant.

U.S. Work Authorization

Applicants must be U.S. citizens and currently authorized to work in the United States on a full-time basis. This position supports a federal government contract and requires the ability to obtain and maintain a Public Trust or Suitability Determination, depending on the agency’s background investigation requirements. Sponsorship is not available.