Key skills
Risk Management
About this role
Role Overview
- Turn complex risk into clear action by supporting Risk Management Framework (RMF) activities
- Drive Assessment & Authorization (A&A) packages through Authorization to Operate (ATO)
- Partner with engineering and mission teams to scope controls, assess risk, remediate gaps, and sustain continuous monitoring
- Ensure systems remain secure and compliant
Requirements
- 3+ years of experience within Information Security, Cyber Risk Management, or Security Compliance Functions
- Experience applying NIST Risk Management Framework (RMF) across categorization, control selection or implementation, assessment, authorization, and continuous monitoring
- Experience supporting Assessment & Authorization (A&A) efforts and coordinating Authority to Operate (ATO) decisions with Authorizing Officials
- Experience performing security control assessments and producing artifacts such as Security Assessment Reports (SAR) and Plans of Action & Milestones (POA&M)
- Experience developing and maintaining security documentation, including System Security Plans (SSP) and control implementation statements
- Knowledge of NIST SP 800-53 Rev.5 control families and tailoring controls to impact levels
- Knowledge of FISMA processes supporting RMF and authorization decisions
- Ability to translate technical findings into risk statements and remediation recommendations aligned to mission and business priorities
- Ability to plan and execute continuous monitoring (ConMon), track residual risk, and drive closure of POA&M
- Public Trust
- Bachelor’s degree or 5+ years of experience in information security in lieu of a degree
Benefits
- Health, life, disability, financial, and retirement benefits
- Paid leave
- Professional development
- Tuition assistance
- Work-life programs
- Dependent care
- Recognition awards program