Cyber Security Audit & Compliance Specialist

Davita Inc.

Elizabeth City (NC)

Hybrid

USD 100,000 - 130,000

Full time

8 days ago

Job summary

A leading technology consulting firm seeks a Cyber Security Audit & Compliance Specialist to support the US Coast Guard in Elizabeth City. This role involves executing security audits, maintaining compliance with federal standards, and enhancing system security across environments. Candidates should possess extensive experience in information security and RMF, with strong skills in communication and technical documentation. Hybrid work is required, with on-site presence three days a week.

Qualifications

  • Minimum of 6 years of experience in information security with a focus on compliance.
  • Experience with SIEM and RMF.
  • Ability to write technical documentation.

Responsibilities

  • Lead cybersecurity assessments, control validations, and audit readiness activities.
  • Manage ATO documentation and ensure compliance updates.
  • Support integration of security controls in Agile DevSecOps.

Skills

Knowledge of RMF
System Audits
Communication Skills
SIEM Expertise
Vulnerability Management

Education

Bachelor's or Associate's degree in Computer Science or related field

Job description

Who We Are: Oasys International, LLC (Oasys) is a rapidly expanding firm that has been recognized on Inc. 5000 magazine's list of the fastest-growing companies for five consecutive years. We are a dynamic organization dedicated to providing world-class technology consulting services through our team of expert technologists, consultants, engineers, and subject matter experts. At Oasys, we prioritize continuous learning, a healthy work-life balance, and a collaborative work environment. Our culture is merit-based, recognizing and rewarding performance and fostering a supportive and social atmosphere.

Position Summary:

Oasys is seeking a Cyber Security Audit & Compliance Specialist to support the United States Coast Guard (USCG) at the Aviation Logistics Center (ALC)-Information Systems Division (ISD). The Cyber Security Audit & Compliance Specialist is responsible for executing and overseeing system security audits, maintaining RMF accreditation artifacts, ensuring security controls are implemented and validated, and managing compliance in accordance with DHS 4300A, FISMA, and NIST 800-53 guidelines.

The Cyber Security Audit & Compliance Specialist will play a critical role in continuous monitoring, POA&M management, control remediation, and maintaining readiness for ATO audits across cloud, on-premises, and hybrid environments.

Primary Responsibilities:

  • Lead the execution of cybersecurity assessments, control validations, and audit readiness activities in alignment with Risk Management Framework (RMF) guidelines.
  • Oversee and maintain Authorization to Operate (ATO) documentation, ensuring timely updates, renewals, and alignment with evolving security postures.
  • Evaluate system security requirements and support security architecture decisions across a wide range of systems, including web applications, databases, virtual infrastructure, and cloud environments.
  • Develop and enforce cybersecurity policies, procedures, SOPs, and plans, ensuring full lifecycle traceability from initial deployment through sustainment.
  • Manage and monitor Security Information and Event Management (SIEM) systems to identify anomalies, track incidents, and ensure threat visibility.
  • Develop, monitor, and track Plans of Action & Milestones (POA&Ms) and support remediation strategies for identified vulnerabilities.
  • Collaborate with development, operations, and configuration management teams to integrate security controls into Agile DevSecOps pipelines and CI/CD deployments.
  • Serve as a liaison with external auditors, internal stakeholders, and federal oversight bodies to ensure compliance with DHS, FISMA, NIST, and OMB requirements.
  • Evaluate and test system security features including encryption protocols, access control models, vulnerability management workflows, and security hardening baselines.
  • Review and analyze audit logs, configuration change reports, and incident response records to detect potential violations and ensure corrective actions are implemented.
  • Support security education and training activities across the ALC-ISD teams, reinforcing security awareness and secure software practices.
  • All other duties as assigned by management.

Skills/Qualifications:

  • Deep knowledge of RMF, NIST SP 800-53, FISMA, and DHS 4300A controls.
  • Proven experience conducting system audits, preparing for external inspections, and remediating noncompliant findings.
  • Expertise with SIEM platforms, vulnerability scanning tools, and GRC platforms.
  • Familiarity with enterprise operating environments including Active Directory, Linux/UNIX, Windows, and relational databases.
  • Strong written and verbal communication skills; ability to write technical security documentation and brief executive stakeholders.
  • Experience supporting secure development pipelines and system baselining in federal DevSecOps environments preferred.

Education/Experience Requirements:

  • Bachelor's or Associate's degree in Computer Science, Math, Information Technology, Engineering, or related field. Six (6) years of directly relevant experience may substitute for three (3) years of formal education.
  • Minimum of six (6) years of experience in information security with cyber security, security programs, or compliance assurance.
  • Minimum of six (6) years of experience with Security Information and Event Management (SIEM).
  • Minimum of six (6) years of experience with the Risk Management Framework (RMF).
  • Basic knowledge of the following: Active Directory, UNIX, Windows, Relational Databases.
  • Experience working on or supporting federal government enterprise systems preferred.

Clearance:

  • U.S. citizenship required
  • Must have an active DoD Secret Clearance.

Certification Requirement:

  • CompTIA Security+
  • Additional certifications (Network+, AWS Certified Cloud Practitioner, Microsoft Azure Fundamentals, Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), ITIL Foundation, TOGAF, or other cybersecurity architecture certifications) are a plus.

Work Location:

  • Elizabeth City, NC - Hybrid
  • North Carolina Region - Must be able to go on-site at least three days a week

Oasys is proud to be an equal opportunity employer for all protected groups, including protected veterans and individuals with disabilities.
