
DoD RMF, Compliance and Risk Management Leader

Credera Experienced Hiring, Chicago, Illinois


Job Description

The DoD GRC Leader ensures Department of Defense (DoD) Information Systems achieve and maintain security and compliance by applying security engineering principles throughout the system development lifecycle. This role provides strategic oversight for risk management, security architecture, compliance initiatives, and cross-functional collaboration, supporting Authorization to Operate (ATO) and adherence to DoD, NIST, and federal standards. 

RESPONSIBILITIES

  • Enterprise System Security Design & Integration
    • Provide strategic leadership in designing and integrating security architectures for government information systems, ensuring alignment with DoD and NIST frameworks 
    • Direct the documentation and integration of security requirements into system architectures and engineering processes 
    • Oversee the implementation, validation, and continuous improvement of security controls for effective risk mitigation and compliance 
    • Lead modernization and migration of systems to meet evolving security baselines and regulatory requirements 
  • Risk Assessment & Mitigation
    • Lead comprehensive risk assessments, including vulnerability testing and technical evaluations, to identify and address threats and mission impacts
    • Develop and implement risk mitigation strategies, and ensure ongoing risk management in line with DoD organizational objectives and regulatory directives
    • Direct the development and execution of security assessment plans, including in-depth technical evaluations, vulnerability testing, and compliance assessments in accordance with DoD and NIST standards
    • Analyze vulnerability scan results and threat intelligence, prioritizing remediation and ensuring timely resolution of security issues
  • Compliance & Authorization
    • Oversee the Risk Management Framework (RMF) process, guiding systems through assessment and authorization phases to achieve and sustain ATO
    • Ensure accurate development and maintenance of System Security Plans (SSPs) and related compliance documentation
    • Maintain continuous monitoring and governance to ensure ongoing compliance with all applicable cybersecurity standards and directives
    • Oversee and support cybersecurity audits and inspections, driving prompt and effective technical remediation of findings  
  • Continuous Monitoring & Incident Response
    • Direct the development and execution of enterprise-wide continuous monitoring strategies to maintain situational awareness and security posture
    • Oversee impact analyses for system and operational changes, ensuring informed risk decisions and regulatory compliance
    • Lead the creation and maintenance of incident response plans, and provide expert guidance during cybersecurity incidents to ensure effective mitigation and recovery
    • Serve as a senior technical advisor during cybersecurity incidents, providing expert guidance, coordination, and support to ensure effective containment, mitigation, and recovery efforts 
  • Collaboration & Reporting
    • Foster collaboration with IT leadership, program managers, and key cybersecurity stakeholders throughout the system lifecycle
    • Provide executive-level briefings and reports to senior management, supporting informed decision-making and effective risk communication
    • Ensure comprehensive and audit-ready documentation for security controls, assessments, and system architecture

QUALIFICATIONS

  • Minimum 8 years progressive, hands-on Federal consulting experience, including significant DoD exposure
  • Bachelor’s degree (ABET-accredited or CAE-designated) in IT, Cybersecurity, Data Science, Information Systems, or Computer Science
  • Must have an active T3 background investigation
  • Must possess CISSP certification
  • Technical & Security Leadership:
    • Deep expertise in DoD RMF, including system categorization, control implementation, assessment, continuous monitoring, and A&A
    • Proficient in developing/maintaining SSPs, POA&Ms, and ensuring compliance with DoD/Army security policies (e.g., DoD 8570.01-M, DoDI 8500.01, DoDI 8510.01)
    • Strong grasp of GRC standards and current cybersecurity best practices
    • Skilled in vulnerability/threat management (ACAS, SCAP, DISA STIGs, APTs) and security architecture (network, firewalls, IDS/IPS, system hardening)
  • Leadership, Communication & Business Skills:
    • Proven ability to lead and develop cross-functional teams, drive project delivery, and adapt to evolving threats in military settings
    • Expert in capturing, defining, and documenting security requirements and practices
    • Excellent problem-solving, critical thinking, and relationship-building skills
    • Strong written and verbal communication, including translating technical concepts for non-technical audiences and gaining stakeholder buy-in
    • Experience supporting business development, building client relationships, and creating business cases for Federal clients
