Qureos


Cybersecurity Risk Manager

Role purpose: Leads practical, mission-aligned cybersecurity governance across the customer's systems by driving assessment documentation, control implementation guidance, risk evaluations, contingency planning, POA&M management, and cyber compliance reporting.

Core responsibilities

Provide actionable cybersecurity guidance to system and product teams on control implementation, risk mitigation, and compliance with federal and HHS requirements.

Develop, upload, maintain, and quality-check assessment artifacts including FIPS 199 categorizations, E-Authentication risk assessments, control implementation statements, and supporting evidence.

Evaluate cybersecurity risk for new capabilities, integrations, applications, plug-ins, and system connections before deployment.

Lead development, testing, and update cycles for system contingency plans, security SOPs, and governance playbooks.

Maintain POA&M tracking, remediation coordination, vulnerability status reporting, and risk dashboards for leadership review.

Coordinate closely with engineering, operations, and incident response teams on vulnerability management, incident handling, and cyber data calls.

Support audit readiness and maintain evidence packages that withstand IV&V, assessor, and government review.

Minimum qualifications

Bachelor’s degree in cybersecurity, information assurance, computer science, or related field; master’s degree preferred.

10+ years of cybersecurity risk, compliance, or RMF experience, including at least 5 years supporting federal systems.

Deep working knowledge of NIST RMF, FISMA, HHS/NIH controls, SSPs, POA&Ms, contingency planning, and security documentation.

Proven ability to coordinate across technical and non-technical stakeholders in a fast-paced mission environment.

CISSP and CAP strongly preferred; CISM, FedRAMP Practitioner, or Zero Trust training desirable.

Experience with cloud security, SaaS governance, vulnerability scanning, and continuous monitoring.

Familiarity with risk repositories, evidence management, dashboards, and governance reporting.

Preferred qualifications / certifications

Experience supporting healthcare, research, or biomedical environments handling sensitive data.

Pay: $150,000.00 - $200,000.00 per year

Benefits:

  • 401(k)
  • 401(k) matching
  • Dental insurance
  • Health insurance
  • Life insurance
  • Paid time off
  • Retirement plan
  • Vision insurance

Work Location: Hybrid remote in Washington, DC 20036
