Senior Cybersecurity Compliance Specialist

Arlington, VA

GCyber

GCyber, a leading government IT contractor, specializes in empowering U.S. Defense and Federal agencies with cutting-edge technology solutions. We provide top-tier Infrastructure and Operations, Security and Risk Management, and Portfolio &...


GCyber is seeking an experienced Senior Cybersecurity Compliance Specialist to support a DoD customer with a mission-critical cybersecurity program focused on the A&A and continuous monitoring of complex IT systems. This position involves leading RMF package validation, providing security control assessment support, and advising government stakeholders on enterprise-level cyber risk and compliance strategy. 

As the Senior Cybersecurity Compliance Specialist, you will:
  • Lead review and validation of RMF Body of Evidence (BOE) packages and assess implementation of security controls across systems including cloud, on-premises, hybrid, and virtualized environments.
  • Evaluate and verify application of DISA STIGs, NIST 800-53 controls, and federal compliance standards during the A&A and continuous monitoring lifecycle.
  • Use eMASS or equivalent tools to manage key RMF artifacts, including SSPs, POAMs, RARs, SAPs, and SCTMs.
  • Track POAM remediation, review Independent Verification & Validation (IV&V) results, and identify required follow-up testing to support authorization decisions.
  • Validate system boundary controls, assess interconnection compliance, and review log handling and PP&S documentation.
  • Develop security assessment plans and execute control tests to determine effectiveness of implemented security controls.
  • Act as the eMASS administrator, managing access and workflows and generating reports across system portfolios.
  • Participate in working groups to review and recommend updates to cybersecurity policy and RMF guidance.
 
Minimum Qualifications and Experience
  • Active TS/SCI Clearance
  • DoD 8570 IAT II certification
  • Master’s degree in cybersecurity, information systems, or a related field; OR bachelor’s degree plus an additional 6 years of relevant experience.
  • Minimum of 12 years of cybersecurity experience, including direct support to DoD RMF, compliance, and A&A efforts.
  • In-depth knowledge of NIST 800-53, RMF lifecycle, STIG implementation, and eMASS workflows.
  • Experience reviewing security architectures, risk assessments, and compliance documentation for highly sensitive IT systems.
  • Strong understanding of continuous monitoring strategies and POAM lifecycle tracking.
  • Ability to analyze enterprise risk posture and provide structured, defensible recommendations to government stakeholders.

 

Our Benefits

GCyber is committed to the well-being and development of every employee. Our benefits are designed to support your personal and professional goals, from health and wellness programs to retirement savings and career development opportunities. Highlights include:

  • 26 Days of Paid Leave + Annual PTO Increase
  • An extra day of paid leave for every year of employment with GCyber
  • Paid Parental Leave
  • Additional Leave Allowances for Military Duty, Jury Duty, and Bereavement Leave
  • 401(k) Matching
  • 100% Company-Funded Disability Insurance
  • 90% Company-Funded Health, Dental, and Vision Insurance, with contributions to insurance benefits for spouses, children, and family members
  • Training and Professional Development Plans
  • Commuter Benefits Plan
  • Parking and Transportation Allowance

Equal Opportunity Employer

GCyber is an Equal Opportunity Employer. This means you don't have to worry about whether your application process will be fair. We consider all applicants without regard to race, color, religion, age, ancestry, ethnicity, gender, gender identity, gender expression, sexual orientation, veteran status, or disability.

Stay in Touch

For future job notifications, please follow GCyber on LinkedIn: https://linkedin.com/company/gcyber

Category: Compliance Jobs

Tags: Clearance Cloud Compliance DISA DoD DoDD 8570 DoD RMF eMASS Monitoring NIST NIST 800-53 Risk assessment Risk Assessment Report RMF SCTM Security assessment STIGs Strategy System Security Plan TS/SCI

Perks/benefits: Career development Health care Insurance Parental leave Wellness

Region: North America
Country: United States
