Business Information Security & Compliance Officer

Location: US-SC-North Charleston
ID: 2025-10250
Category: Information Systems Security
Position Type: Regular Full-Time
Application Open Date: 8/11/2025

Description

The Business Information Security and Compliance Officer will serve as the primary cybersecurity and compliance liaison for one of SRC’s business divisions to embed security and compliance into daily operations and long-term planning, ensuring that programs, projects, systems, and operations align with cybersecurity best practices, DFARS clauses, and DoD regulatory frameworks. This role, a member of the Information Security and Compliance team, will support the implementation of NIST SP 800-171 controls and CMMC requirements across projects within the division, provide ongoing compliance oversight, and act as a trusted advisor for information security, risk, and compliance matters across the division. Primary duties, responsibilities and essential job functions include:

 

  • Advising and supporting the business unit in the implementation and documentation of cybersecurity controls aligned with DFARS, NIST SP 800-171, and CMMC requirements
  • Conducting or supporting gap assessments, defining remediation actions, tracking progress through POAMs, and supporting the maintenance of accurate System Security Plans (SSPs)
  • Supporting the development, implementation, and maintenance of cybersecurity policies and procedures in compliance with FAR, DFARS, NIST SP 800-171, and CMMC
  • Serving as a trusted partner to business stakeholders, helping to interpret security requirements and balance risk and compliance with operational needs
  • Guiding the division on security best practices, emerging threats, and compliance obligations
  • Collaborating with cross-functional teams including IT, Contracts, Procurement, Engineering, and Program Management to support secure and compliant operations
  • Assisting in preparation for audits or assessments, including internal reviews and external CMMC evaluations
  • Staying informed on evolving industry trends, regulatory requirements, threat landscape changes, emerging cybersecurity risks, and technologies to ensure the organization remains at the forefront of federal cybersecurity practices
  • Contributing to the continuous improvement of the organization’s cybersecurity and compliance posture by identifying inefficiencies and proposing enhancements

 


Requirements

  • Bachelor’s degree in Information Security, Information Systems, Information Technology, Cybersecurity or a related field
  • 10+ years of work experience in Information Security, Cybersecurity, IT Security, or Governance, Risk and Compliance functions
  • 3+ years of hands-on experience implementing or supporting NIST SP 800-171/171A and/or 800-53 controls within a corporate or program environment
  • 2+ years of experience in an organization with at least 1000 employees
  • Strong understanding of information security principles, practices, and technologies, including network security, application security, cloud security and endpoint security
  • Experience reviewing and defining security policies, procedures and solutions that support compliance and business objectives
  • Experience conducting risk assessments, compliance gap assessments and control remediation
  • Prior experience as a liaison between business units and information security and compliance teams
  • Demonstrated ability to understand and interpret business and program security and compliance needs, and translate security and compliance requirements into practical, business-aligned solutions
  • Excellent communication, presentation, and interpersonal skills to collaborate directly with business stakeholders, technical teams, and compliance staff
  • Effective time management and organizational skills, capable of managing multiple projects and priorities
  • Demonstrated professional growth and career progression with increasing levels of responsibility

Desired Skills

  • Working knowledge of DFARS 252.204-7012/7020/7021
  • Experience supporting or preparing for Cybersecurity Maturity Model Certification (CMMC) assessments
  • Previous experience creating, maintaining, or supporting System Security Plans (SSP) and Plans of Action and Milestones (POAM)
  • Experience supporting or preparing for third-party cybersecurity audits, such as SOC 2, ISO/IEC 27001, FedRAMP, HIPAA, PCI-DSS
  • Experience working in a Microsoft O365 hybrid environment
  • Familiarity with AI and emerging security technologies
  • Previous experience as an information security consultant or auditor
  • Prior experience as a DoD contractor
  • Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), or Certified Information Security Manager (CISM)

Clearance Information

SRC IS A CONTRACTOR FOR THE U.S. GOVERNMENT. THIS POSITION WILL REQUIRE U.S. CITIZENSHIP AND ELIGIBILITY FOR A U.S. GOVERNMENT SECURITY CLEARANCE AT THE SECRET LEVEL.

 

 

Travel Requirements

  • Up to 10% of the time

About Us

Scientific Research Corporation is an advanced information technology and engineering company that provides innovative products and services to government and private industry, as well as independent institutions. At the core of our capabilities is a seasoned team of highly skilled engineers and scientists with multidisciplinary backgrounds. This team is challenged daily to provide cutting edge technology solutions to our clients.

 

SRC offers a generous benefit package, including medical, dental, and vision plans, 401(k) with a company match, life insurance, vacation and sick paid time off accruals starting at 10 days of vacation and 5 days of sick leave annually, 11 paid holidays, tuition reimbursement, and a work environment that encourages excellence and more. For positions requiring a security clearance, selected applicants will be subject to a government security investigation and must meet eligibility requirements for access to classified information.

EEO

Scientific Research Corporation is an equal opportunity employer that does not discriminate in employment.

All qualified applicants will receive consideration for employment without regard to their race, color, religion, sex, age, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other protected characteristic under federal, state or local law.

 

Scientific Research Corporation endeavors to make www.scires.com accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact jobs@scires.com for assistance. This contact information is for accommodation requests only and cannot be used to inquire about the status of applications.
