Senior Compliance Engineer

Overview

Amentum seeks a Compliance Engineer. Amentum is a global leader in advanced engineering and innovative technology solutions, trusted by the United States and its allies to address their most significant and complex challenges in science, security and sustainability. Headquartered in Virginia, we have more than 53,000 employees in approximately 80 countries across all 7 continents.

The Compliance Engineer is a remote-telework position that supports our ISO 27001 adherence and other cybersecurity related frameworks, in governance, risk, and information assurance. This role supports Amentum's data protection requirements through the assessment of controls and working with teams through the mitigation process. Qualified candidates will need a versatile skill set that emphasizes ISO 27001 comprehension, technology, effective collaboration, critical thinking, analytical prowess, ability to crosswalk multiple frameworks, and strong communication skills. US Citizenship is required to apply. This is a US remote-telework role (you must live within the US to work remote).

Responsibilities

• ISO 27001 Adherence & Certification : Manage the organization's ISO 27001 adherence program, including the development, implementation, and maintenance of the ISMS. Ensure alignment with ISO 27001 standards, internal policies, and applicable DIB regulations.
• Control Implementation, Monitoring & Continuous Improvement : Design, implement, and monitor security controls as part of the ISMS to protect sensitive information and ensure adherence with ISO 27001. Continuously assess and improve controls to address emerging cybersecurity threats, regulatory changes, and industry best practices.
• Audits, Risk Assessments & Adherence Support : Lead or participate in internal audits and risk assessments to evaluate adherence with ISO 27001 and other cybersecurity frameworks (e.g., NIST 800-53, DFARS, CMMC). Serve as the primary point of contact for internal and external audits, ensuring timely documentation and resolution of audit findings. Support regulatory inspections and certification processes.
• Documentation, Reporting & Metrics : Maintain comprehensive documentation related to ISMS, including control procedures, risk assessments, audit results, and adherence reports. Develop and provide metrics and status reports to cybersecurity leadership, ensuring transparency in security and adherence efforts.
• Collaboration & Advisory : Work closely with IT, cybersecurity, legal, and compliance teams to integrate ISO 27001 controls across the organization. Advise on best practices for maintaining a secure environment and aligning with DIB-specific regulatory frameworks. Brief management on ISO 27001 adherence, risk matters, and security improvements.
• Training & Awareness : Develop and deliver training programs to increase awareness of ISO 27001 controls, adherence obligations, and information security best practices. Foster a culture of security awareness across the organization.
• Vendor & Third-Party Risk Management : Ensure third-party vendors and contractors meet the organization's security and ISO 27001 adherence requirements. Conduct regular vendor risk assessments and security reviews.
• Travel may be required, up to 30%.

Knowledge, Skills and Abilities

Minimum Qualifications

Amentum is proud to be an Equal Opportunity Employer. Our hiring practices provide equal opportunity for employment without regard to race, sex, sexual orientation, pregnancy, age, ancestry, United States military or veteran status, color, religion, creed, marital or domestic partner status, medical condition, genetic information, national origin, citizenship status, low-income status, or mental or physical disability so long as the essential functions of the job can be performed with or without reasonable accommodation, or any other protected category under federal, state, or local law. Learn more about your rights under Federal laws and supplemental language at Labor Laws Posters.

J-18808-Ljbffr