Orbis

Data Infrastructure And Analytics

McLean, VA

COMPLIANCE ENGINEER at Orbis

Description

Orbis Operations LLC is seeking a Compliance Engineer to support the design, implementation, and continuous improvement of our cybersecurity and information compliance posture across federal and commercial programs.

This role sits at the intersection of technical engineering, data governance, and regulatory compliance, requiring someone who can translate complex frameworks into actionable controls, policies, and documentation.

Reporting directly to the EVP, Program Enablement within the Operations & Delivery Division, you'll work closely with program leadership and technical teams to advance our CMMC Level 2 certification, ISO 27001 implementation, NIST-aligned security practices, and information management standards across a dynamic, globally distributed organization.

Orbis Operations, LLC sits at the intersection of national security, emerging technology, and global operations.

Our team supports some of the most consequential programs in defense and intelligence, and our compliance posture directly enables that mission.

This is a high-visibility role with real impact — not a checkbox exercise.

Duties/Responsibilities

  • Lead and support compliance activities across CMMC 2.0, NIST SP 800-171, NIST SP 800-53, and ISO 27001 frameworks, ensuring alignment with organizational security and information governance policies and contractual obligations
  • Assess, document, and remediate gaps in technical and administrative controls across enterprise systems, cloud environments, and end-user infrastructure
  • Develop and maintain System Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), risk registers, information classification schemas, and other compliance artifacts
  • Support the preparation and execution of internal and third-party audits, including C3PAO assessments and ISO 27001 certification audits
  • Collaborate with IT, operations, and program delivery teams to embed compliance requirements into system design, configuration management, information handling procedures, and change control processes
  • Provide guidance on CUI (Controlled Unclassified Information) handling, data classification, records management, and information system boundary definition
  • Support the development and enforcement of information governance policies including data retention, disposal, access controls, and acceptable use
  • Own and operate GRC/compliance automation platforms such as Vanta, including evidence collection, control mapping, integration configuration, and audit readiness workflows
  • Monitor regulatory and policy developments across both cybersecurity and information management domains, assessing impact to current compliance posture and recommending proactive adjustments
  • Support vendor and subcontractor compliance reviews, including information handling requirements and flow-down obligations

Supervisory Responsibilities

  • This position has no supervisory responsibilities

Education And Experience

  • A Bachelor’s degree in cybersecurity or a related field is required for this position.
  • 5+ years of experience in cybersecurity and/or information compliance, information assurance, data governance, or a related engineering discipline

Required Skills/Abilities

  • Demonstrated working knowledge of CMMC 2.0 (Level 2 preferred), NIST SP 800-171, NIST SP 800-53, and ISO 27001
  • Experience developing or maintaining compliance documentation including SSPs, POA&Ms, control matrices, and information classification frameworks
  • Familiarity with cloud platforms (Microsoft 365, Azure) and associated compliance configurations, including Purview, Defender, Conditional Access, and data loss prevention (DLP) tooling
  • Understanding of information lifecycle management including data classification, retention, and disposition requirements in a federal or defense context
  • Strong written and verbal communication skills with the ability to present technical and compliance findings to non-technical stakeholders
  • Ability to obtain and maintain a Secret level clearance

Desired Skills/Abilities

  • Certifications such as CISSP, CISM, CIPP, CompTIA Security+, CCSP, or ISO 27001 Lead Auditor/Implementer
  • Experience working in a defense contractor or national security environment
  • Familiarity with GCC High or DoD IL environments
  • Experience supporting DFARS 252.204-7012 and CUI program compliance requirements
  • Knowledge of NARA records management requirements or federal information management policy
  • Hands-on experience with GRC and compliance automation platforms such as Vanta, Drata, Tugboat Logic, or similar tools, including evidence collection, control mapping, and audit readiness workflows

Physical Requirements

  • Prolonged periods of sitting at a desk and working on a computer.

  • Role: COMPLIANCE ENGINEER
  • Company: Orbis
  • Location: McLean, VA
  • Job found on: 10th of March, 2026