ICAM Risk & Quality Management Specialist (SME)

ICAM Risk & Quality Management Specialist (SME)

General Info:
Citizenship Required: US Citizenship
Clearance: Secret
Job Duration: Full Time
Site: Washington D.C. Metro Area
Travel: 5% or Less

Position Overview:
Provide subject matter expertise in identity-related risk, compliance, and quality assurance across enterprise ICAM programs. Support the design, evaluation, and continuous improvement of identity and access controls, ensuring alignment with federal standards (e.g., NIST, FICAM) and Zero Trust principles. Requires will have deep experience in identity governance, risk management, audit readiness, and control validation, with the ability to assess complex ICAM environments and provide strategic guidance.

Responsibilities:

• Identify, assess, and document risks related to identity and access management systems
• Evaluate risks such as: overprivileged access, weak authentication controls, orphaned or inactive accounts
• Develop and recommend mitigation strategies and risk treatment plans

• Establish and oversee quality assurance processes for ICAM operations
• Validate effectiveness of identity controls including: access provisioning and deprovisioning, role-based access models (RBAC/ABAC), authentication and MFA enforcement
• Conduct periodic control assessments and operational reviews

• Ensure alignment with NIST 800-53 / 800-63, FISMA, FedRAMP, and Zero Trust frameworks
• Lead or support internal and external audits
• Develop and maintain audit artifacts and documentation
• Support Authority to Operate (ATO) processes

• Oversee access certification campaigns and identity lifecycle governance
• Ensure compliance with identity policies across systems and applications
• Collaborate with IGA teams using tools such as SailPoint or Saviynt

• Define and track key performance indicators (KPIs), including: access certification completion rates, privileged access monitoring, MFA adoption and compliance
• Analyze trends and provide recommendations for process and control improvements
• Develop executive-level reports and dashboards

• Contribute to development and refinement of ICAM policies and standards
• Define measurable controls and quality benchmarks
• Ensure policies are enforceable and aligned with enterprise risk posture

• Serve as a trusted advisor to security leadership, ICAM engineers and architects, program managers and auditors
• Translate technical findings into business and compliance impacts
• Provide guidance on ICAM best practices and regulatory requirements

Education and Experience Required:

• • Bachelor’s degree in Cybersecurity, Information Systems, or related field (or equivalent experience)
• 7+ years of experience in IAM/ICAM, cybersecurity, risk, or compliance roles
• Strong expertise in identity and access management concepts, risk assessment methodologies, control validation and audit processes
• Deep knowledge of NIST 800-53 / 800-63, FICAM architecture (federal experience preferred)

Preferred Qualifications:

• Active Secret or Top Secret clearance
• Certifications such as: CISSP, CIS, CRISC
• Experience with IGA tools (SailPoint, Saviynt), GRC platforms (ServiceNow GRC, Archer)
• Familiarity with Zero Trust architecture, Identity security tools and analytics