ISO 27001 Compliance Engineer

Amentum seeks an ISO 27001 Compliance Engineer

Amentum is a global leader in advanced engineering and innovative technology solutions, trusted by the United States and its allies to address their most significant and complex challenges in science, security and sustainability. Headquartered in Virginia, we have more than 53,000 employees in approximately 80 countries across all 7 continents.

The ISO 27001 Compliance Engineer is a remote-telework position that supports our ISO 27001 adherence and other cybersecurity related frameworks, in governance, risk, and information assurance. This role supports Amentum’s data protection requirements through the assessment of controls and working with teams through the mitigation process. Qualified candidates will need a versatile skill set that emphasizes ISO 27001 comprehension, technology, effective collaboration, critical thinking, analytical prowess, ability to crosswalk multiple frameworks, and strong communication skills. US Citizenship is required to apply. This is a US remote-telework role (you must live within the US to work remote).

Essential Responsibilities:

• ISO 27001 Adherence & Certification: Manage the organization’s ISO 27001 adherence program, including the development, implementation, and maintenance of the ISMS. Ensure alignment with ISO 27001 standards, internal policies, and applicable DIB regulations.
• Control Implementation, Monitoring & Continuous Improvement: Design, implement, and monitor security controls as part of the ISMS to protect sensitive information and ensure adherence with ISO 27001. Continuously assess and improve controls to address emerging cybersecurity threats, regulatory changes, and industry best practices.
• Audits, Risk Assessments & Adherence Support: Lead or participate in internal audits and risk assessments to evaluate adherence with ISO 27001 and other cybersecurity frameworks (e.g., NIST 800-53, DFARS, CMMC). Serve as the primary point of contact for internal and external audits, ensuring timely documentation and resolution of audit findings. Support regulatory inspections and certification processes.
• Documentation, Reporting & Metrics: Maintain comprehensive documentation related to ISMS, including control procedures, risk assessments, audit results, and adherence reports. Develop and provide metrics and status reports to cybersecurity leadership, ensuring transparency in security and adherence efforts.
• Collaboration & Advisory: Work closely with IT, cybersecurity, legal, and compliance teams to integrate ISO 27001 controls across the organization. Advise on best practices for maintaining a secure environment and aligning with DIB-specific regulatory frameworks. Brief management on ISO 27001 adherence, risk matters, and security improvements.
• Training & Awareness: Develop and deliver training programs to increase awareness of ISO 27001 controls, adherence obligations, and information security best practices. Foster a culture of security awareness across the organization.
• Vendor & Third-Party Risk Management: Ensure third-party vendors and contractors meet the organization’s security and ISO 27001 adherence requirements. Conduct regular vendor risk assessments and security reviews.
• Travel may be required, up to 30%.

Knowledge, Skills, and Abilities:

• Ability to work independently, manage multiple projects, and influence stakeholders at all levels of the organization.
• Excellent problem-solving, documentation, and communication skills, with the ability to educate and collaborate with cross-functional teams.

Minimum Qualifications:

• US Citizenship is required.
• Bachelor’s degree in IT, Cybersecurity or a related field. One year in related field can be substituted for each year of the four years of college.
• 5 years of hands-on experience in ISO 27001 adherence, IT, Cybersecurity, and IT risk management to include some international or UK experience. Prefer defense or government contracting industry experience.
• Strong understanding of ISO 27001 requirements and specific regulations governing the DIB sector, including FAR, DFARS, NIST SP 800-53, NIST SP 800-171, CMMC, TAA, and ITAR, with the ability to transfer and reuse controls across multiple frameworks.
• Experience implementing and maintaining an Information Security Management System (ISMS) in compliance with ISO 27001.
• Strong knowledge of information security controls, risk management, and internal audit processes.
• Relevant certifications such as ISO 27001 Lead Implementer, ISO 27001 Lead Auditor, CISA, or CISSP are highly preferred.

Amentum is proud to be an Equal Opportunity Employer. Our hiring practices provide equal opportunity for employment without regard to race, religion, color, sex, gender, national origin, age, United States military veteran’s status, ancestry, sexual orientation, gender identity, marital status, family structure, medical condition including genetic characteristics or information, veteran status, or mental or physical disability so long as the essential functions of the job can be performed with or without reasonable accommodation, or any other protected category under federal, state, or local law. Learn more about your rights under Federal EEO laws and supplemental language at EEO including Disability/Protected Veterans and Labor Laws Posters.