Cybersecurity Compliance/Risk Management Lead with active Top Secret

  • Springfield, VA
  • Posted 14 hours ago | Updated 14 hours ago

Overview

On Site
Depends on Experience
Full Time

Skills

Cybersecurity
Risk Management
Compliance
GRC
FISMA
NIST
Lead

Job Details

Job Title: Cybersecurity Compliance/Risk Management Lead
Clearance Level Required: Top Secret with SCI eligibility
Springfield, VA
Full Time
 
Position Summary:
We are seeking an experienced and dynamic Cybersecurity Risk Management and Compliance Lead to oversee the governance, risk, and compliance (GRC) functions within CLIENT's cybersecurity program. This role requires deep expertise in federal cybersecurity frameworks, audit readiness, and program-level oversight of security compliance activities specific to classified systems. The lead will guide compliance reporting, coordinate with internal and external stakeholders, and support strategic initiatives related to cyber risk management and FISMA readiness.
 
 
Key Responsibilities:
Serve as the lead advisor and point of accountability for cybersecurity governance, risk management, and compliance activities.
Coordinate and oversee the development, enhancement, and automation of continuous monitoring and compliance reporting processes.
Manage the reporting of cybersecurity compliance events, POA&M tracking, and risk posture evaluations for all CLIENT assets.
Ensure adherence to CLIENT, NIST, and federal information security policies in all compliance activities.
Lead internal coordination for external audits (e.g., FISMA, OIG evaluations, Financial Control Reviews) and ensure audit findings are addressed.
Prepare and deliver risk analysis reports, Security Impact Analyses (SIAs), and Risk Assessment Reports to CLIENT stakeholders.
Maintain and update a comprehensive repository of points of contact (POCs), documentation, and risk management workflows.
Support the development and governance of Memoranda of Agreement (MOAs), Interconnection Security Agreements (ISAs), and related system documentation.
Collaborate with ISSMs, ISSOs, and CLIENT component teams to ensure accurate security artifact submissions and remediation of identified issues.
 
Required Qualifications:
Minimum 10 years of experience in cybersecurity risk management and compliance, including at least 4 years directly supporting security systems.
Bachelor's degree in Cybersecurity, Information Systems, or a related field.
Active Top Secret clearance with SCI eligibility.
Strong working knowledge of Risk Management Framework (RMF), NIST SP 800-53 Rev 5, and FISMA.
Demonstrated leadership experience managing compliance teams, coordinating assessments, and interfacing with senior government stakeholders.
Experience with risk quantification, vulnerability analysis, and compliance tools (e.g., ServiceNow GRC, CSAM, or Xacta).
Proficiency in creating executive-level reports, dashboards, and audit documentation.
 
Preferred Qualifications:
Professional certifications such as CISSP, CISM, CGRC (formerly CAP).
Hands-on experience supporting compliance and risk assessments in a multi-agency, classified environment.
Familiarity with CLIENT-specific tools, policies (e.g., 4300 series), and Security Performance Plans.
Experience contributing to the development of cybersecurity governance processes, training, and strategic planning.
 
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.