Lead Federal Information Security Modernization Act (FISMA) SME

Overview Thank you for considering IT Concepts dba Kentro, where innovation drives opportunity and collaboration leads to success. Our dynamic community of experts is fully committed to advancing our customers' missions, fostering professional growth, and making a positive impact on our communities. By joining our supportive community, you will find that Kentro is dedicated to your personal and professional development. Together, we can drive meaningful change, spark innovation, and achieve extraordinary milestones. Kentro is hiring for a Lead FISMA SME to support the Department of Commerce/Office of Cybersecurity and IT Risk Management (OCRM) . The FISMA Lead serves as the subject matter expert responsible for overseeing and executing all FISMA-related activities in support of DOC cybersecurity programs. This role provides technical leadership in data requirements development, collection, analysis, reporting, and compliance, ensuring alignment with FISMA, NIST, OMB, and agency-specific requirements. The FISMA Lead supports the development of key cybersecurity deliverables, coordinates with stakeholders across the organization, and translates complex technical and compliance requirements into actionable insights for both technical and executive audiences. The FISMA Lead will support the improvement of DOCs cybersecurity posture and FISMA performance by increasing cybersecurity visibility, identifying gaps in policies, procedures, processes, reporting, and tools. Location: Hybrid in Washington, D.C. Salary Range: $140,000-150,000/annually. Factors influencing pay within this range include geography, market demand, skills, education, experience, and other qualifications of the successful candidate. Responsibilities Oversight & Reporting Quarterly and annual CIO FISMA metrics Lead data calls, conduct data collection, validation, and analysis activities Support CyberScope (or equivalent) data entry and reporting Analyze data from multiple sources (open source, internal systems, data calls, high-side systems) Present results in both detailed and executive-level formats Identify Requirements and Key Performance Indicators (KPIs) tracking DOC performance against external requirements Executive Orders and White House memos on cybersecurity priorities OMB Memoranda on cybersecurity initiatives CISA Binding Operational Directives CISA Emergency Directives

NIST CSF 2.0

Cybersecurity Analysis & Compliance Apply

FISMA

, NIST, OMB, CISA and DOC cybersecurity requirements to program activities Analyze system-level and enterprise-level cybersecurity data to identify trends, risks, and gaps Provide recommendations to improve compliance and overall cybersecurity posture Provide Audit team with SME level support for the development of enterprise corrective action plans and/or interim mitigations Work with Data Analytics Team to interpret data and develop executive level dashboards Documentation & Deliverables Plan, develop, review, and finalize key cybersecurity deliverables, including: Security categorizations Risk assessments Contingency plans Security Test & Evaluation (ST&E) reports Vulnerability assessment reports Plans of Action & Milestones (POA&Ms) Ensure deliverables meet quality standards and align with federal requirements Lead workshops providing guidance to DOC Operating Units for addressing enterprise oversight & compliance actions. System & Control Assessment Identify unique system characteristics and operational environments Map technical capabilities and system functionality to security controls, policies, and standards Support control implementation and validation activities Stakeholder Engagement Conduct interviews with technical, administrative, and executive personnel Collaborate with OCRM and other stakeholders to gather information and develop documentation Serve as a key liaison between technical teams and leadership Problem Solving & Technical Leadership Apply cybersecurity principles and methods to develop solutions to complex problems Provide guidance on FISMA-related requirements and best practices Support continuous improvement of cybersecurity processes and reporting Qualifications Education: Bachelor's degree in a related field (Master's preferred) Experience: 12 years of relevant experience Technical Skills: Strong knowledge of: FISMA NIST frameworks (e.g., NIST SP 800-53, SP 800-37, SP 800-63, CSF 2.0) Zero Trust Architecture (ZTA) CISA & OMB cybersecurity guidance GRC Solutions (CSAM, JCAM, RegScale) Experience supporting federal cybersecurity compliance & oversight programs Experience with: Data analysis and reporting CyberScope or similar reporting tools Axonius Elastic Security documentation and assessments Ability to translate complex technical data into clear, actionable insights Key Skills Project management Analytical thinking and problem-solving Technical writing and documentation Data analysis and interpretation Communication with both technical and executive stakeholders Attention to detail and quality assurance Clearance Requirement: US Citizen or Green card holder Willing and able to obtain and maintain Public Trust Clearance Must meet updated ID requirements: If you do not currently meet the ID requirements outlined, you must be willing and able to update your current forms of ID in a timely manner to complete the suitability process successfully. Benefits The Company We believe in generating success collaboratively, enabling long-term mission success, and building trust for the next challenge. With you as our partner, let’s solve challenges, think innovatively, and maximize impact. As a valued member of our team, you have the unique opportunity to work in a diverse range of technology and business career paths, all while supporting our nation and delivering innovative technology solutions. We are a close community of experts that pride ourselves in creating an environment defined by teamwork, dedication, and excellence. We hold three ISO certifications (27001:2013, 20000-1:2011, 9001:2015), two CMMI ML 3 ratings (DEV and SVC) and CMMC Level 2 Certification. Industry Recognition Growth | Inc 5000’s Fastest Growing Private Companies, DC Metro List Fastest Growing; Washington Business Journal: Fastest Growing Companies, Top Performing Small Technology Companies in Greater D.C. Culture | Northern Virginia Technology Council Tech 100 Honoree; Virginia Best Place to Work; Washington Business Journal: Best Places to Work, Corporate Diversity Index Winner – Mid-Size Companies, Companies Owned by People of Color; Department of Labor’s HireVets for our work helping veterans transition; SECAF Award of Excellence finalist; Victory Military Friendly Brand; Virginia Values Veterans (V3); Cystic Fibrosis Foundation Corporate Breath Award Benefits We offer competitive benefits package including paid time off, healthcare benefits, supplemental benefits, 401k including an employer match, discount perks, rewards, and more. We invest in our employees – Every employee is eligible for education reimbursement for certifications, degrees, or professional development. Reimbursement amounts may fluctuate due to IRS limitations. We want you to grow as an expert and a leader and offer flexibility for you to take a course, complete a certification, or other professional growth and networking. We are committed to supporting your curiosity and sustaining a culture that prioritizes commitment to continuous professional development. We work hard; we play hard. Kentro is committed to incorporating fun into every day. We dedicate funds for activities – virtual and in-person – e.g., we host happy hours, holiday events, fitness & wellness events, and annual celebrations. In alignment with our commitment to our communities, we also host and attend charity galas/events. We believe in appreciating your commitment and building a positive workspace for you to be creative, innovative, and happy. Commitment Equal Opportunity Employment & VEVRAA Kentro is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local law. Kentro is strongly committed to compliance with VEVRAA and other applicable federal, state, and local laws governing equal employment opportunity. We have developed comprehensive policies and procedures to ensure our hiring practices align with these requirements. As part of our VEVRAA compliance efforts, Kentro has established an equal opportunity plan outlining our commitment to recruiting, hiring, and advancing protected veterans. This plan is regularly reviewed and updated to ensure its effectiveness. We encourage protected veterans to self-identify during the application process. This information is strictly confidential and will only be used for reporting and compliance purposes as required by law. Providing this information is voluntary and will not impact your employment eligibility. Our commitment to equal employment opportunity extends beyond legal compliance. We are dedicated to fostering an inclusive workplace where all employees, including protected veterans, are treated with dignity, respect, and fairness. Accommodations To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. Reasonable Accommodations may be made to enable qualified individuals with disabilities to perform the essential functions. If you need to discuss reasonable accommodations, please email View email address on click.appcast.io. #J-18808-Ljbffr kentro