Cyber Risk & Authorization Manager with Active Top Secret

Springfield, VA, US • Posted 1 day ago • Updated 1 day ago
Full Time
No Travel Required
On-site
Depends on Experience

Job Details

Skills

  • Cybersecurity
  • Risk Management
  • NIST 800-37
  • Continuous monitoring
  • FISMA
  • ATO

Summary

Job Title: Cyber Risk & Authorization Manager (Continuous Authorization & Risk Operations)

Location: Springfield, VA (onsite)

Duration: 4+ Years

Active Top Secret clearance required

 Overview: Lead continuous authorization, control integrity, and operational risk oversight for federal information systems supporting mission-critical environments. Maintain system authorization posture, integrate security controls into operational workflows, and provide ongoing risk visibility across infrastructure, cloud, and SaaS ecosystems.

Responsibilities:

  • Maintain system authorization posture in accordance with NIST RMF (SP 800-37)
  • Oversee implementation of controls aligned to NIST SP 800-53
  • Ensure System Security Plan (SSP) accuracy and continuous updates
  • Manage POA&M lifecycle and remediation velocity
  • Conduct impact analysis for system changes and architectural updates
  • Support authorization boundary governance
  • Lead monthly control validation activities
  • Analyze vulnerability trends and remediation performance
  • Track FISMA metrics and performance indicators
  • Integrate incident response outcomes into control updates
  • Develop and deliver executive-level risk dashboards
  • Ensure audit readiness at all times
  • Participate in design reviews and change control boards
  • Assess SaaS onboarding risk and data flow implications
  • Evaluate FedRAMP inheritance and shared responsibility models
  • Validate Zero Trust alignment for system access patterns
  • Support supply chain risk oversight for third-party integrations
  • Provide risk briefings to system owners and leadership
  • Translate technical findings into mission impact narratives
  • Recommend risk acceptance, mitigation, or escalation strategies
  • Serve as trusted advisor to CIO, CISO, and Program leadership

 Required Skills:

  • 5+ years’ experience in federal cybersecurity, risk management, or system authorization
  • Deep understanding of NIST SP 800-37 (RMF), NIST SP 800-53, FISMA, and Continuous Monitoring (ConMon)
  • Experience supporting ATO sustainment for moderate/high impact systems
  • Experience in cloud or hybrid environments
  • Strong analytical and executive communication skills
  • Preferred: familiarity with FedRAMP, C-SCRM, Zero Trust Architecture, continuous authorization (cATO), GRC platforms (e.g., Archer, ServiceNow, RegScale)
  • Security certification preferred: CISSP, CISM, CAP, or equivalent
  • Dice Id: 10448332
  • Position Id: UC0306026