Compliance Officer

LIGHTFEATHER IO LLC
Washington, DC Full Time
POSTED ON 2/4/2025
AVAILABLE BEFORE 5/4/2025

LightFeather is seeking an experienced Compliance Officer to join our team in Washington DC and ensure adherence to federal cybersecurity frameworks and regulatory requirements. This hybrid role involves direct engagement with cross-functional teams to achieve and maintain Authorization to Operate (ATO) status for a portfolio of custom applications and enterprise platforms. The ideal candidate will have a deep understanding of NIST SP 800-53 Rev. 5, FISMA, FedRAMP, RMF (Risk Management Framework), and agency-specific compliance mandates.

As part of this role, you will collaborate with security engineers, compliance specialists, auditors, and federal leadership to manage security governance and risk compliance for sensitive government applications.

This position requires an onsite presence in Washington, DC (2–3 days per week) and the ability to collaborate with multidisciplinary teams to safeguard critical systems and sensitive data.

This is a Full Time, Hybrid Position. Must be local to the DC Metro area.

Responsibilities:

Regulatory Compliance Management

  • Develop, implement, and maintain security policies, standards, and procedures to ensure compliance with federal mandates, including NIST SP 800-53 Rev. 5, FISMA, FedRAMP, RMF, and agency-specific frameworks.
  • Lead the preparation, submission, and management of ATO packages for cloud and on-premises systems using GRC (Governance, Risk, and Compliance) tools such as XACTA, eMASS, and Archangel.
  • Conduct and support Security Control Assessments (SCAs), vulnerability assessments, and compliance audits.
  • Perform continuous monitoring and ensure implementation of security controls per NIST SP 800-137.

Risk Assessment and Mitigation

  • Conduct system security assessments, risk analyses, and vulnerability scans using tools such as Nessus, Tenable, Qualys, and OpenSCAP.
  • Work with engineering teams to identify security weaknesses, develop Plans of Action and Milestones (POA&Ms), and track remediation efforts.
  • Advise leadership on risk management strategies, security gaps, and mitigation measures in accordance with CISA, OMB, and agency-specific guidelines.

Documentation and Reporting

  • Develop and maintain System Security Plans (SSPs), Risk Assessment Reports, Continuous Monitoring Plans, and other compliance-related artifacts.
  • Ensure security documentation meets compliance requirements and is regularly updated in XACTA, eMASS, or Archangel.
  • Provide regular reports and briefings to senior leadership, stakeholders, and external auditors on compliance activities.
  • Maintain thorough audit trails and security documentation to support compliance investigations and assessments.

Stakeholder Collaboration and Support

  • Serve as the compliance subject matter expert (SME) for application development, platform engineering, and federal program management teams.
  • Facilitate collaboration between internal teams and external auditors during security assessments, including IG, GAO, DHS CDM, and agency security teams.
  • Stay updated on evolving compliance regulations, Executive Orders (EOs), and OMB mandates to ensure continuous alignment with federal cybersecurity policies.

Required Qualifications and Skills:

  • US Citizenship.
  • Active Top Secret clearance is strongly preferred (Secret clearance holders will be considered).
  • Bachelor’s degree in Computer Science, Cyber Security, Information Systems, or a related field.
  • CompTIA Security+ (required) and at least one additional certification such as CISSP, CISA, CISM, CGRC (formerly CAP), or a GIAC certification (GSEC, GSLC, GSTRT, etc.).
  • Minimum 5 years of experience in IT compliance, security governance, risk management, or related roles within federal environments.
  • Proven experience achieving and maintaining ATO status for enterprise platforms, cloud environments, and custom applications.
  • Hands-on expertise in compliance frameworks such as NIST SP 800-53, FedRAMP, FISMA, RMF, and federal IT security policies.
  • Strong proficiency in security documentation and GRC platforms (XACTA, eMASS, Archangel, CSAM, ServiceNow GRC, or similar tools).
  • Experience conducting risk assessments, security control testing, and vulnerability management.
  • Familiarity with cloud security compliance (AWS, Azure, Google Cloud) and security frameworks such as CMMC, FedRAMP, and TIC 3.0.

Preferred:

  • Experience managing multiple ATO packages concurrently across low-code/no-code platforms, custom enterprise applications, and hybrid cloud environments.
  • Expertise in transitioning systems to Ongoing Authorization (OA) models and directing continuous monitoring programs for technical controls.
  • Knowledge of federal compliance processes, including utilization of Archangel and XACTA for GRC functions.

Why Join LightFeather?
You'll be part of a team dedicated to meaningful impact, working on solutions that address mission-critical needs. Experience variety, fulfillment, and the opportunity to work with some of the best in the industry. We are committed to fostering a diverse and inclusive environment where everyone is valued and respected.

Commitment to Diversity
LightFeather is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, veteran, or disability status.
