Diné Development Corporation

FISMA Compliance Lead

ID: 2025-5715
Company: NOVA-Diné

Job Summary:

We are seeking a highly experienced FISMA Compliance Lead to oversee a federal information security program in support of the U.S. Department of Commerce, International Trade Administration (ITA). The ideal candidate will bring deep expertise in federal cybersecurity compliance, project coordination, and risk management—especially within FISMA, FedRAMP, and CSAM environments. This role requires exceptional communication and leadership skills, as you’ll serve as a key liaison between ITA and DOC stakeholders.

 

*This position is contingent upon contract award*

Job Duties and Responsibilities:

  • Provide day-to-day oversight of FISMA compliance staff and their assessment and development of security documentation.
  • Assess and maintain security documentation in compliance with federal policies and guidelines.

  • Ensure continuous alignment with FedRAMP processes, features, and requirements.

  • Manage and coordinate quarterly FISMA reporting activities for each fiscal year.

  • Lead collection and validation of FISMA data metrics from multiple technical and administrative teams.

  • Act as the primary liaison between the Department of Commerce (DOC) and ITA on all FISMA-related activities, including audits, reporting, and data calls.

  • Maintain regular communication with government Points of Contact (POCs) and compliance teams regarding the status of metrics and reporting requirements.

  • Represent the compliance team in the following recurring meetings:

    • Weekly Contractor Status Meetings

    • Weekly ITA Data Call Meetings

    • Weekly FISMA Performance Improvement Working Group

    • Monthly DOC/ITA Cyber Liaison Meetings

  • Monitor CSAM (Cyber Security Assessment and Management) system inputs and status for accuracy and compliance.

  • Track and report on supply chain risk management activities and assessments.

Job Requirements (Education/Skills/Experience):

  • Public Trust clearance required.
  • Bachelor’s degree or higher in Cybersecurity, Information Assurance, or a related technical field.

  • Minimum 10 years of federal government experience performing FISMA compliance activities.

  • Demonstrated experience managing compliance documentation, coordinating federal audits, and reporting.

  • Strong understanding of FedRAMP controls and federal cloud security frameworks.

  • Hands-on experience with CSAM or similar compliance tracking tools.

Preferred:

  • Experience in Project Management or Agile/Scrum methodologies.

  • One or more of the following certifications:

    • ISC² Certified in Governance, Risk and Compliance (CGRC)

    • Certified Cloud Security Professional (CCSP)

    • Certified Information Systems Security Professional (CISSP)

Diné Development Corporation (DDC) is a Navajo Nation-owned family of companies that delivers IT, professional, and environmental solutions to advance the missions of federal, state, and tribal government agencies. As thought leaders and innovators, our team of specialists builds client-centric solutions that solve critical challenges faced by defense, civilian, and healthcare organizations. Employing a mission-focused approach, we deliver value that not only enhances current operations, but also drives future change. Closely aligned with this approach is our commitment to advancing the Navajo Nation and its People. Through economic development and community empowerment, we elevate the Navajo Nation to provide lasting impact and sustainable growth for future generations. DDC’s ability to unite legacy-inspired technologies, industry best practices, and proven methodologies has contributed to our success for twenty years.

 

This contractor and subcontractor shall abide by the requirements of 41 CFR 60-1.4(a), 60-300.5(a) and 60-741.5(a). These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, sexual orientation, gender identity, national origin, or for inquiring about, discussing, or disclosing information about compensation, or any other basis prohibited by law. We participate in E-Verify.
