Senior Compliance Engineer

Overview

Amentum seeks a Compliance Engineer

Amentum is a global leader in advanced engineering and innovative technology solutions, trusted by the United States and its allies to address their most significant and complex challenges in science, security and sustainability. Headquartered in Virginia, we have more than 53,000 employees in approximately 80 countries across all 7 continents.

Compliance Engineer is a remote-telework position that supports our ISO 27001 adherence and other cybersecurity related frameworks, in governance, risk, and information assurance. This role supports Amentum's data protection requirements through the assessment of controls and working with teams through the mitigation process. Qualified candidates will need a versatile skill set that emphasizes ISO 27001 comprehension, technology, effective collaboration, critical thinking, analytical prowess, ability to crosswalk multiple frameworks, and strong communication skills. US Citizenship is required to apply. This is a US remote-telework role (you must live within the US to work remote).

Essential Responsibilities

ISO 27001 Adherence & Certification : Manage the organization's ISO 27001 adherence program, including the development, implementation, and maintenance of the ISMS. Ensure alignment with ISO 27001 standards, internal policies, and applicable DIB regulations.

Control Implementation, Monitoring & Continuous Improvement : Design, implement, and monitor security controls as part of the ISMS to protect sensitive information and ensure adherence with ISO 27001. Continuously assess and improve controls to address emerging cybersecurity threats, regulatory changes, and industry best practices.

Audits, Risk Assessments & Adherence Support : Lead or participate in internal audits and risk assessments to evaluate adherence with ISO 27001 and other cybersecurity frameworks (e.g., NIST 800-53, DFARS, CMMC). Serve as the primary point of contact for internal and external audits, ensuring timely documentation and resolution of audit findings. Support regulatory inspections and certification processes.

Documentation, Reporting & Metrics : Maintain comprehensive documentation related to ISMS, including control procedures, risk assessments, audit results, and adherence reports. Develop and provide metrics and status reports to cybersecurity leadership, ensuring transparency in security and adherence efforts.

Collaboration & Advisory : Work closely with IT, cybersecurity, legal, and compliance teams to integrate ISO 27001 controls across the organization. Advise on best practices for maintaining a secure environment and aligning with DIB-specific regulatory frameworks. Brief management on ISO 27001 adherence, risk matters, and security improvements.

Training & Awareness : Develop and deliver training programs to increase awareness of ISO 27001 controls, adherence obligations, and information security best practices. Foster a culture of security awareness across the organization.

Vendor & Third-Party Risk Management : Ensure third-party vendors and contractors meet the organization's security and ISO 27001 adherence requirements. Conduct regular vendor risk assessments and security reviews.

Travel may be required, up to 30%.

Knowledge, Skills and Abilities

Ability to work independently, manage multiple projects, and influence stakeholders at all levels of the organization.

Excellent problem-solving, documentation, and communication skills, with the ability to educate and collaborate with cross-functional teams.

Minimum Qualifications

Bachelor's degree in IT, Cybersecurity or a related field. Two years of related experience can be substituted for each of the four years of college

Minimum of 5 years of hands-on experience in compliance frameworks such as ISO 27001, NIST SP 800-53, NIST SP 800-171, Cyber Security Framework, Secure Controls Framework, Cybersecurity, and IT risk management to include some international or UK experience. Prefer defense or government contracting industry experience.

Strong understanding of ISO 27001 requirements and specific regulations governing the DIB sector, including FAR, DFARS, NIST SP 800-53, NIST SP 800-171, CMMC, TAA, and ITAR, with the ability to transfer and reuse controls across multiple frameworks.

Experience implementing and maintaining an Information Security Management System (ISMS) in compliance with ISO 27001.

Strong knowledge of information security controls, risk management, and internal audit processes.

Relevant certifications such as ISO 27001 Lead Implementer, ISO 27001 Lead Auditor, CISA, or CISSP are highly preferred.

US Citizenship is required.

Amentum is proud to be an Equal Opportunity Employer. Our hiring practices provide equal opportunity for employment without regard to race, sex, sexual orientation, pregnancy (including pregnancy, childbirth, breastfeeding, or medical conditions related to pregnancy, childbirth, or breastfeeding), age, ancestry, United States military or veteran status, color, religion, creed, marital or domestic partner status, medical condition, genetic information, national origin, citizenship status, low-income status, or mental or physical disability so long as the essential functions of the job can be performed with or without reasonable accommodation, or any other protected category under federal, state, or local law. Learn more about your rights under Federal laws and supplemental language at Labor Laws Posters (https : / / postings.govdocs.com / # / vxSkbztPuAwwxfs) .

J-18808-Ljbffr