Senior Cybersecurity Compliance Consultant (NIST 800-53)

Richmond, VA, US


Description

About Dragonfli Group

The Dragonfli Group is a small business headquartered in Washington, DC, providing cybersecurity and IT consulting services to U.S. government agencies and large commercial enterprises. Our team supports programs ranging from short-term engagements to multi-year initiatives. We are known for our professionalism, agility, and mission-driven focus.


Position Overview


We are seeking a Senior NIST Consultant to support a cybersecurity program in Richmond, VA. This is a hybrid role with 2-3 days/week onsite requiring regular presence at the client location. The consultant will lead system security documentation, perform NIST 800-53 control implementation, and manage compliance efforts using ServiceNow GRC. The ideal candidate is technically adept, detail-oriented, and confident interfacing with both technical teams and client stakeholders.


Key Responsibilities



  • Develop and maintain System Security Plans (SSPs), Security Assessment Reports (SARs), and associated A&A documentation.
  • Map and implement controls aligned with NIST 800-53 Revision 5.
  • Utilize ServiceNow GRC to manage compliance workflows and system artifacts.
  • Liaise with stakeholders to gather system data, define security postures, and address assessment requirements.
  • Ensure timely delivery of documentation and security milestones.
  • Lead and mentor a junior analyst and provide quality oversight of their work.
  • Create and present project status reports to internal and external audiences.
  • Identify process improvements in security governance and compliance.

Requirements

Required Qualifications

  • 5–8 years of total IT or cybersecurity experience
  • 5–8 years of hands-on experience with NIST frameworks, especially 800-53
  • Demonstrated expertise in developing SSPs and related documentation
  • Proficient in using ServiceNow GRC or similar platforms
  • Strong verbal and written communication skills
  • Experience managing client relationships and team deliverables in a deadline-driven environment

Certifications (Preferred | Nice-to-have)

  • CISSP (Certified Information Systems Security Professional) or
  • CISA (Certified Information Systems Auditor)

Additional Requirements

  • Must be onsite at the client location in Richmond, VA
  • Must reside within a commutable distance to Richmond, VA
  • Must be legally authorized to work in the United States

Skill(s)

None

Benefits

Insurance (Health, Dental, Vision)

PTO and Federal Holidays

401(k) Retirement Plan

Travel

None


Tags: CISA CISSP Compliance Governance NIST NIST 800-53 NIST Frameworks Security assessment Security Assessment Report System Security Plan

Perks/benefits: Health care

Region: North America
Country: United States
