Equifax, Inc.

Senior Federal Security Compliance Analyst (Finance)



We are seeking a motivated and detail-oriented individual to join our team as a Senior Federal Security Compliance Analyst. While the primary focus will be ensuring compliance with the Federal Information Security Management Act (FISMA), experience with other federal frameworks such as FedRAMP, CMMC, NIST SP 800-53, and NIST SP 800-171 is highly valued. The successful candidate will be responsible for driving the security and compliance of our systems and data in accordance with various federal requirements.

You will serve as a key point of contact for federal compliance matters, with a primary focus on FISMA. You will work with internal and external stakeholders to communicate compliance mandates, maintain compliance against published standards, and support the overall compliance program to reduce compliance load and streamline program activities.

Equifax has a hybrid work schedule that allows for 2 days of remote work (Monday and Friday), with 3 days onsite (Tuesday, Wednesday, Thursday) every week.

This role will work the required onsite days at our Equifax office in Alpharetta, Saint Louis, or Reston.

This position does not offer immigration sponsorship (current or future) including F-1 STEM OPT extension support.

This is a direct-hire role and it is not open to C2C or third-party vendors.

What you'll do

  • Manage Federal Compliance Programs:
    • Assist with the management and execution of Federal Compliance Programs, with a primary emphasis on FISMA.
    • Ensure compliance with customer requirements (particularly FISMA), relevant NIST standards (including SP 800-53 Rev 5 and SP 800-171), internal security controls, and policies. Support activities related to FedRAMP and CMMC as needed.
    • Serve as a primary point of contact for FISMA-related matters, collaborating with cross-functional teams, while supporting broader federal compliance inquiries.
  • Assessments: Coordinate and conduct readiness assessments, pre-assessments, and formal assessments (e.g., FISMA, potentially supporting FedRAMP or CMMC readiness) with internal and external stakeholders to ensure compliance with established guidelines.
  • Documentation: Develop, maintain, and assess documentation for federal compliance frameworks (primarily FISMA Rev 5, but also including NIST SP 800-171 requirements and potentially supporting FedRAMP or CMMC artifacts), including System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), Security Assessment Plans (SAPs), evidence templates, and other relevant artifacts.
  • Methodology & Process Improvement: Evaluate and enhance audit and compliance methodologies and processes for greater effectiveness and efficiency across federal compliance programs (FISMA, NIST SP 800-53/171, etc.).
  • Communication & Reporting:
    • Provide regular updates and status reports on federal compliance activities (primarily FISMA) to key stakeholders, fostering transparency and communication.
    • Utilize strong communication skills to advise organizational leaders on federal compliance topics (FISMA, NIST, FedRAMP, CMMC), associated risks, and remediation strategies.

What experience you need

  • Education: Bachelor's Degree in Cyber Security, Information Systems, Information Security, or an equivalent discipline, or equivalent experience.
  • Experience: Minimum of 5 years of experience in regulatory compliance, consulting, or cyber security working with federal compliance regulations, demonstrating deep expertise in FISMA and NIST SP 800-53.
  • FISMA Expertise: Demonstrated experience with FISMA compliance, including:
    • Project & Program Management: Exceptional project management abilities, including planning, organizing, and executing tasks related to federal compliance initiatives.
    • Analytical & Critical Thinking: Strong analytical and critical-thinking skills to identify and address compliance gaps and security risks across various frameworks.
    • Developing and maintaining FISMA-related documentation (SSPs, SAPs, POA&Ms, evidence templates, and artifacts) for NIST SP 800-53 (Rev 4 and Rev 5) in support of 3PAO assessments.
  • Security & IT Knowledge: Familiarity with Information Security principles, knowledge of IT processes (e.g., SDLC, Incident Management, Risk Management, Network and System Administration), and knowledge of IT platforms, web, middleware, cloud services (IaaS, PaaS, SaaS), databases, operating systems, infrastructure, encryption, routers, firewalls, virtualization, and tokenization.
  • Proven ability to effectively collaborate with cross-functional, cross-organizational teams to secure commitments on deliverables and ensure resolution of blocking issues.

What could set you apart

  • Direct Framework Experience: Proven hands-on experience implementing, managing, or assessing systems against FedRAMP or CMMC requirements.
  • Government Experience: Possess experience working directly with US government agencies or supporting federal audits for government clients.
  • 3PAO Assessment Experience: Have experience working with or as a 3PAO (Third-Party Assessment Organization) conducting FISMA, FedRAMP, or CMMC assessments.
  • Broad Compliance Knowledge: Demonstrate experience with other compliance frameworks beyond federal, such as PCI DSS and SOC 2, showcasing a well-rounded understanding of security and compliance landscapes.
  • Effective Communication: Exhibit strong presentation and public speaking skills, enabling clear and persuasive communication of complex security concepts to diverse audiences, and the ability to translate complex technical information.
  • Collaborative Leadership: Show a proven ability to build consensus and drive collaboration across diverse teams, fostering a cohesive and productive environment.
  • Continuous Improvement Mindset: Possess a passion for continuous improvement and innovation in audit and compliance methodologies, demonstrating a commitment to enhancing efficiency and effectiveness.


© 2025 Hispanic Jobs