IT Security Specialist I – Compliance and Governance
About the Opportunity
The IT Security Specialist I – Compliance and Governance is responsible for providing senior-level leadership for cybersecurity governance, risk management, compliance, and audit readiness activities in a remote and on-site environment. This role oversees the implementation, assessment, and continuous monitoring of security controls to ensure compliance with federal regulations and frameworks, including NIST, FISMA, RMF, FISCAM, and ISO 27001.
Success in this role is demonstrated by maintaining audit readiness, strengthening organizational compliance, effectively managing cybersecurity risk, and driving continuous improvement across security governance and compliance programs.
What You Will Do in This Role
The IT Security Specialist I – Compliance and Governance leads cybersecurity compliance, governance, risk management, and audit readiness efforts by overseeing security controls, assessments, documentation, and regulatory compliance activities to support and maintain a strong federal cybersecurity posture.
- Provide direct support to cybersecurity, compliance, governance, and information assurance personnel while leading compliance and governance activities supporting FISMA, NIST SP 800-53, A-123, FISCAM, RMF, ISO 27001, and agency-specific cybersecurity requirements.
- Oversee the implementation, documentation, assessment, and continuous monitoring of security controls across assigned systems and environments, including governance activities within governance, risk, and compliance (GRC) platforms.
- Coordinate and support internal and external audits, assessments, inspections, and reviews conducted by OIG, GAO, independent assessors, and agency stakeholders; develop and maintain audit-ready documentation, compliance artifacts, and governance records.
- Review, validate, and approve Plans of Action and Milestones (POA&Ms); monitor remediation efforts through closure; and coordinate penetration testing, vulnerability reviews, security control assessments, and compliance evaluations to identify and address security gaps.
- Support risk management activities, including risk identification, analysis, mitigation planning, executive reporting, and the preparation of monthly compliance, risk, and security posture reports for federal leadership and program stakeholders.
- Develop and maintain security governance documentation, including policies, procedures, standards, control narratives, system security documentation, transition plans, continuity documentation, and operational handoff artifacts.
- Provide expert guidance to technical, operational, and program management teams and collaborate with cybersecurity, infrastructure, application, cloud, and business stakeholders to ensure security requirements are effectively implemented and maintained.
- Evaluate changes to federal cybersecurity regulations, NIST publications, OMB guidance, and industry standards, and support continuous process improvement initiatives that strengthen compliance, audit readiness, and risk management capabilities.
What You Will Bring
Bachelor's degree in Cybersecurity, Information Technology, Information Assurance, Engineering, Business, or a related field (or equivalent combination of education and experience).
8+ years of progressive experience supporting cybersecurity governance, compliance, risk management, information assurance, or audit readiness programs.
Minimum of 5 years serving in a senior Information Assurance (IA), Governance, Risk, and Compliance (GRC), or cybersecurity management role.
Demonstrated experience supporting federal civilian or cabinet-level agency cybersecurity programs.
Hands-on experience utilizing CSAM or similar Governance, Risk, and Compliance (GRC) platforms.
Extensive knowledge of NIST SP 800-53, FISMA, A-123, FISCAM, RMF, and related federal cybersecurity frameworks.
Working knowledge of ISO 27001 principles and Information Security Management Systems (ISMS).
Experience developing, reviewing, and assessing security controls, compliance documentation, and audit artifacts.
Experience managing POA&M processes, vulnerability remediation activities, and risk mitigation efforts.
Strong analytical, organizational, communication, and technical writing skills.
Ability to communicate complex technical and compliance concepts to both technical and non-technical audiences.
Work authorization/security clearance requirements
- Ability to obtain a security clearance.
Work Environment
- This work is normally completed in a remote and on-site environment.
Physical Demands
- Prolonged periods of sitting at a desk and working on a computer.
- Must be able to access and navigate each department at the organization's and client facilities.
Travel Required
- Travel may be required on an as-needed basis.
Proficiency Requirement
- The employee is expected to demonstrate proficiency in all essential job functions, tools, and processes related to this position within the first 90 days of employment. This includes acquiring a thorough understanding of job-specific responsibilities, systems, and workflows as outlined during onboarding and training. Failure to meet this requirement may result in additional training, reassessment, or other actions as deemed necessary by management.
GAMA-1 also offers a variety of benefits, including health insurance coverage, life and disability insurance, 401(k) savings plan, training and career development opportunities, paid holidays and paid time off (PTO - to cover vacation, illness or disability, appointments, emergencies or other situations that require time off from work). For more information click here.
ABOUT GAMA-1
GAMA-1 is a rapidly growing technology business that is based in Greenbelt, Maryland. GAMA-1 Technologies provides strategic information assurance, information security, and business enterprise and networking solutions to the Federal Government. Our success is based on the utilization of industry and agency standards, establishment of standardized processes, and IT Services expertise. At GAMA-1, we believe employees should grow, achieve, and develop just as the company grows, achieves, and develops. GAMA-1 is committed to providing our employees with opportunities for career advancement throughout their employment. For more information, visit www.gama1tech.com
GAMA-1 is an Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to: veteran status, uniformed servicemember status, race, color, religion, sex, sexual orientation, gender identity, age, pregnancy (including childbirth, lactation and related medical conditions), national origin or ancestry, citizenship or immigration status, physical or mental disability, genetic information (including testing and characteristics), domestic violence victims, political orientation, status as a smoker or tobacco user, hairstyle, use of a service animal, education status, familial status, HIV/AIDS status, height, weight, reproductive healthcare decisions or any other category protected by federal, state or local law.