Cyber Risk Management Specialist

Job in McLean, Fairfax County, Virginia, USA
Listing for: Steampunk
Full Time position
Listed on 2025-10-18
Job specializations:
  • IT/Tech
    Cybersecurity, IT Consultant, Information Security
Salary/Wage Range or Industry Benchmark: 100000 - 125000 USD Yearly
Job Description & How to Apply Below

Overview

The Cyber Risk Management Specialist (CRMS) will specialize in in-depth knowledge of the program's cyber security hygiene, DevSecOps, Risk Management Framework (RMF), Assessment and Authorization (A&A), Federal Risk and Authorization Management Program (FedRAMP) compliance, continuous ATO (cATO), and continuous monitoring. A solid grasp of confidentiality, integrity, and availability (CIA) security concepts is required. The candidate will be responsible for the technical implementation and enforcement of security hardening, vulnerability management, scan analysis, data analysis for metrics reporting, cloud environments, compliance with Federal regulation and policy, and commercial best practices relating to cyber security.

The candidate must have the ability to be flexible and adaptive to a fast-paced, fluid business environment.

Contributions

The role requires strong procedural knowledge of NIST SP 800-37 Risk Management Framework (RMF) for Information Systems and Organizations, NIST SP 800-53 Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-137 Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations, FedRAMP requirements, cloud environments, cloud cybersecurity architecture, compliance with Federal regulation and policy, and commercial best practices relating to cloud security.

The CRMS is expected to efficiently learn and adapt to rapidly changing federal governance frameworks and standards of practice, including risk treatments for modern and emerging technologies (e.g., AI, blockchain, microservices).

The Cyber Risk Management Specialist performs a range of functions before, during, and after an authorization is granted:

  • Integrate security into DevOps effectively at every stage of the software development life cycle (SDLC).
  • Identify security holes and potential breaches, work through multifaceted security issues, and create effective solutions based on understanding of risk posture and treatments.
  • Develop and implement tactical strategies for seamless automation to optimize the IT infrastructure.
  • Apply specialized knowledge of financial audit standards, classified system IA requirements, and Privacy Act requirements.
  • Implement the NIST Special Publication (SP) 800 family of publications, particularly those associated with the Risk Management Framework.
  • Evaluate system, network, or infrastructure security controls against requirements such as FISMA, FIPS, and NIST guidelines.
  • Apply in-depth, hands-on knowledge of the FedRAMP regulations, process, and requirements to lead project and initiative teams in accrediting cloud products and services.
  • Support external audits, data calls, and the Authorization to Operate (ATO) process by coordinating with organization system owners, engineers, CSPs, and Third-Party Assessment Organizations (3PAOs).
  • Positively impact the organization's goals and operational mission through various forms of metric performance measuring tools used to evaluate adherence to compliance requirements.
  • Advise clients on FedRAMP requirements and provide security guidance on the implementation of security compliance controls per technical, management, and operational requirements.
  • Implement, monitor, and assess NIST SP 800-53 security controls for cloud environments to ensure compliance with FedRAMP requirements and governance models.
  • Ensure ongoing compliance with FedRAMP policy and requirements through monthly deliverables, regular vulnerability scanning, penetration testing, contingency testing, and annual security assessments performed by a 3PAO.
  • Support ATO, cATO, and continuous monitoring activities, including security documentation, audit logs, security incidents, and risk assessment.
  • Review and manage POA&M (Plan of Action & Milestones), including remediation tracking and reporting.

Qualifications

Required

  • Ability to obtain a U.S. government Security Clearance
  • Master's Degree and 1 year of relevant experience; OR
  • Bachelor's Degree and 3 years of relevant experience; OR
  • No degree and 8 years of relevant experience
  • Possesses at least one professional certification relevant to the technical service provided.…