(627) Information Assurance Compliance Specialist II

arlosolutionsllc· Cybersecurity
Apply Now ↗
📍 Philadelphia, PA

About this role

Company Summary

Arlo Solutions (Arlo) is an information technology consulting services company that specializes in delivering technology solutions. Our reputation reflects the high quality of the talented Arlo Solutions team and the consultants working in partnership with our customers. Our mission is to understand and meet the needs of both our customers and consultants by delivering quality, value-added solutions. Our solutions are designed and managed to not only reduce costs, but to improve business processes, accelerate response time, improve services to end-users, and give our customers a competitive edge, now and into the future. 

Position Overview

The Specialist, Information Assurance Compliance II (SIAC2) will support the Naval Surface Warfare Center Philadelphia Division (NSWCPD) Department 40 as contractor staff through Arlo Solutions, serving as a senior cybersecurity compliance specialist providing comprehensive information assurance and Risk Management Framework (RMF) support services for Propulsion, Power & Auxiliary Machinery Systems. This key personnel position focuses on developing, implementing, and maintaining cybersecurity compliance programs and documentation to ensure adherence to Department of Defense (DoD) and Department of Navy (DON) cybersecurity policies and procedures for both afloat and Platform Information Technology (PIT) ashore systems.

 

Work Location:  Primary: Philadelphia, PA; periodic travel to customer and operational sites may be required

Clearance:  Active Secret security clearance

Job Responsibilities and/or Success Factors

Risk Management Framework (RMF) Development and Implementation

  • Collect and collate system or site information to evaluate and document security postures in Enterprise Mission Assurance Support Service (eMASS)
  • Develop, submit, and maintain RMF packages in accordance with DoD Instruction 8510.01, Naval Sea Systems Command (NAVSEA) Business Rules, DON RMF Process Guides, and NAVSEA Standard Operating Procedures (SOPs)
  • Create comprehensive RMF package documentation including Assess Only (AO) Determination Request Packages, System Platform IT (PIT) Determinations, Categorization Forms, Authorization Boundary Diagrams, Defense in Depth Diagrams, Privacy Impact Assessments (PIA), and Security Plans (SPs)
  • Develop and maintain Plan of Action and Milestones (POA&M) for all Information Assurance-related tasks and deliverables in eMASS

Policy and Compliance Management

  • Develop or revise existing policies, plans, and strategy documents to meet requirements for RMF Control Families
  • Create comprehensive documentation including Incident Response Plans, Contingency Plans, Information Assurance Vulnerability Management Plans, Configuration Management Plans, and Physical Security Plans
  • Ensure all Information Assurance requirements are addressed and compliant with applicable DoD and DON cybersecurity policies
  • Evaluate discrepancies and recommend potential mitigation measures for reducing or eliminating specific risks

Assessment and Evaluation Activities

  • Conduct risk and vulnerability assessments of planned and installed systems to identify vulnerabilities, risks, and protection needs
  • Execute Security Assessment Plans (SAPs) by conducting on-site testing for afloat and PIT ashore systems
  • Perform systems security reviews, audits, and evaluations to ensure accreditation documents accurately represent current risk posture
  • Determine residual risk of packages based on package content and assessment results for Security Controls Assessor review
  • Conduct analysis of logs, events, and reporting from various data collection tools including Assured Compliance Assessment Solution (ACAS), Host Based Security Systems (HBSS), Security Information and Event Management (SIEM), firewall systems, and intrusion detection systems

Continuous Monitoring and Maintenance

  • Support continuous monitoring activities for authorized systems to maintain Authorization to Operate (ATO) status
  • Develop and update required eMASS documents at specified frequencies, including POA&Ms and Risk Assessment Reports (RARs)
  • Determine system compliance with all applicable Controls and Assessment Procedures (APs) for assigned DON systems
  • Maintain current vulnerability scan data and residual risk POA&Ms in Vulnerability Remediation Asset Manager (VRAM)
  • Track deliverables and action items in accordance with A&A guidance

Technical Documentation and Reporting

  • Perform detailed technical documentation analysis of software/hardware associated with systems and components
  • Develop system architecture diagrams, software design requirements, network connection/authorization boundary diagrams, and RMF plans/policies
  • Create and maintain vulnerability DON eMASS POAMs for systems
  • Present and submit data to management, develop comprehensive reports, and produce procedural documentation
  • Execute Security Technical Implementation Guides (STIGs), Security Requirements Guides (SRGs), ACAS scanning, and apply patches to assets to obtain cybersecurity compliance

Stakeholder Coordination and Communication

  • Manage, attend, and support configuration control board practices
  • Coordinate with government personnel, system owners, and other stakeholders throughout the RMF process
  • Assess impacts from observed risks and report via the Cybersecurity Program chain of command
  • Perform evaluation of system administrator and security engineer proposed corrections to ensure compliance
  • Support Information Assurance Vulnerability Management (IAVM) activities including remediation, patching, and scanning

Compliance and Quality Assurance

  • Ensure RMF artifacts comply with published Navy, NAVSEA Business Rules, NIST SP-800-37, and SP-800-53 Rev 4 requirements
  • Create and verify accuracy of POA&Ms/RARs as identified by vulnerability test results
  • Ensure information systems are operated, used, maintained, and disposed of in accordance with security policies
  • Test systems to verify adequate functionality for mission and project requirements
  • Maintain security clearance and comply with all security requirements specified in the contract

 

Education and Minimum Qualifications

  • Must be a U.S. Citizen
  • Active Secret security clearance
  • Target Education: Bachelor's degree (Computer Science, Information Technology or related technical degree) from accredited College or University
  • Target Experience: Four (4) years of professional experience in Information Assurance Compliance

Minimum Certification: Must demonstrate at least one of the following

  • Information Assurance Management (IAM)
  • Information Assurance Technical (IAT) Level 2 certifications (acceptable certifications include: CAP, CASP+ CE, CISM, CISSP or Associate, GSLC, CCISO, or HCISPP)

Continuing Professional Education Requirements

  • Maintain current IAM/IAT Level 2 certification with required Continuing Professional Education (CPE) as mandated by certification body
  • Complete all required Government mandated training including Antiterrorism Level 1 Awareness, Operations Security (OPSEC), Cybersecurity 101 Training, and other security-related training as specified

 

Desired Qualifications

  • Experience with Navy cybersecurity programs and RMF processes
  • Familiarity with NIST Special Publications and DoD cybersecurity instructions
  • Experience with eMASS, VRAM, ACAS, and other DoD cybersecurity systems
  • Knowledge of Navy and DoD organizational structure
  • Experience supporting NAVSEA or other Navy commands
  • Professional experience in DoD or Navy environments
  • Understanding of NAVSEA Business Rules and SOPs

AAP Statement

We are proud to be an Affirmative Action and Equal Opportunity Employer and as such, we evaluate qualified candidates in full consideration without regard to race, color, religion, sex, sexual orientation, gender identity, marital status, national origin, age, disability status, protected veteran status, and any other protected status.

 

Frequently Asked Questions

Is the salary disclosed for the (627) Information Assurance Compliance Specialist II position at arlosolutionsllc?
The salary for this (627) Information Assurance Compliance Specialist II role at arlosolutionsllc is not publicly listed. Click "Apply Now" to learn more about the compensation package on their official careers page.
Where is the (627) Information Assurance Compliance Specialist II position at arlosolutionsllc located?
This (627) Information Assurance Compliance Specialist II role at arlosolutionsllc is based in Philadelphia, PA. The position is listed as on-site or hybrid. Check the full job description or apply directly to confirm the work arrangement.
Which team or department does the (627) Information Assurance Compliance Specialist II at arlosolutionsllc belong to?
This (627) Information Assurance Compliance Specialist II position is part of the Cybersecurity department at arlosolutionsllc. See the full job description for more information about the team structure and responsibilities.
How do I apply for the (627) Information Assurance Compliance Specialist II position at arlosolutionsllc?
Click the "Apply Now" button on this page. You will be redirected to arlosolutionsllc's official application portal hosted on greenhouse where you can submit your application directly.
When was the (627) Information Assurance Compliance Specialist II job at arlosolutionsllc posted?
This (627) Information Assurance Compliance Specialist II position at arlosolutionsllc was posted on Dec 29, 2025. Apply as soon as possible — early applications are often reviewed first.
(627) Information Assurance Compliance Specialist II
arlosolutionsllc
Apply for this role ↗

You'll be redirected to arlosolutionsllc's official application page on Greenhouse.