Senior Cybersecurity Compliance Consultant (NIST 800-53)
Washington, DC, US
Dragonfli Group
Description
About Dragonfli Group
The Dragonfli Group is a small business headquartered in Washington, DC, providing cybersecurity and IT consulting services to U.S. government agencies and large commercial enterprises. Our team supports programs ranging from short-term engagements to multi-year initiatives. We are known for our professionalism, agility, and mission-driven focus.
Position Overview
Dragonfli Group seeks a Senior NIST Consultant to support a cybersecurity program. This role is fully remote, but all work activities must be performed during Eastern Standard Time (EST) business hours. The consultant will lead system security documentation, perform NIST 800-53 control implementation, and manage compliance efforts using ServiceNow GRC. The ideal candidate is technically adept, detail-oriented, and confident interfacing with both technical teams and client stakeholders.
This role requires a strong understanding of Governance, Risk, and Compliance (GRC) functions. The consultant will be responsible for configuring and managing compliance workflows in ServiceNow GRC, ensuring alignment with enterprise risk frameworks, and maintaining up-to-date system artifacts throughout the assessment and authorization (A&A) lifecycle. Additional responsibilities include identifying and remediating compliance gaps, analyzing control effectiveness, and producing reports and dashboards to support audit readiness and executive-level decision-making.
The Senior Consultant will also be responsible for supervising a junior cybersecurity analyst, providing task direction, reviewing deliverables, and offering mentorship to support professional development. This includes delegating research assignments, managing task execution against project timelines, and ensuring quality assurance across all analyst-supported documentation and activities.
Key Responsibilities
- Develop and maintain System Security Plans (SSPs), Security Assessment Reports (SARs), and associated A&A documentation.
- Map and implement controls aligned with NIST 800-53 Revision 5.
- Utilize ServiceNow GRC to manage compliance workflows and system artifacts.
- Liaise with stakeholders to gather system data, define security postures, and address assessment requirements.
- Ensure timely delivery of documentation and security milestones.
- Lead and mentor a junior analyst and provide quality oversight of their work.
- Create and present project status reports to internal and external audiences.
- Identify process improvements in security governance and compliance.
Requirements
Required Qualifications
- 5–8 years of total IT or cybersecurity experience
- 5–8 years of hands-on experience with NIST frameworks, especially 800-53
- Demonstrated expertise in developing SSPs and related documentation
- Proficient in using ServiceNow GRC or similar platforms
- Strong verbal and written communication skills
- Experience managing client relationships and team deliverables in a deadline-driven environment
- Must be legally authorized to work in the United States
Certifications (Preferred | Nice-to-have)
- CISSP (Certified Information Systems Security Professional) or
- CISA (Certified Information Systems Auditor)
Skill(s)
None
Benefits
Insurance (Health, Dental, Vision)
PTO and Federal Holidays
401(k) Retirement Plan
Travel
None
Tags: CISA CISSP Compliance Governance NIST NIST 800-53 NIST Frameworks Security assessment Security Assessment Report System Security Plan
Perks/benefits: Health care