Cleared On Site Chief Security Architect for Governance, Risk and Compliance (5030)
About The Position
Law Enforcement Agency OCIO's organization is moving to Information Systems Security as a Service and requires a Chief Security Architect to serve as the program’s principal technical authority, providing strategic risk advisory to OCIO leadership, Authorizing Officials, and ISSO(E)(M)s while overseeing the security posture of 600+ information systems across all classification levels. This position will be on site in Washington, DC and requires a Top-Secret Clearance. The Chief Security Architect serves as the program’s principal technical authority, providing strategic risk advisory to OCIO leadership, Authorizing Officials, and ISSO(E)(M)s while overseeing the security posture of 600+ information systems across all classification levels. This role translates the Customer's security vision into actionable technical guidance, validates the system categorization methodology, reviews high-risk change requests, and enables innovation through evaluation of emerging technologies (AI/ML, zero trust, cloud-native security) within the Customer's governance constraints. The Chief Security Architect leads early lifecycle security advisory to embed security in system design rather than retrofit, resolves complex technical disputes between implementation and assessment teams, and drives enterprise-wide security architecture patterns that enable consistent, defensible authorization decisions. This strategic position elevates ISaaS from tactical compliance execution to mission-enabling security partnership, ensuring the Customer maintains robust cybersecurity posture while adopting cutting-edge capabilities to counter evolving threats. The role requires balancing deep technical expertise with executive communication skills, translating complex security risks into business impacts and strategic recommendations for senior Customer leadership.
Requirements
- Bachelors Degree
- 10+ years of experience
- Deep expertise with NIST implementation at scale, 800-53 controls and assessment procedures
- FISMA and Intelligence Community security frameworks
- Proven ability to design security architectures for diverse environments (on-prem, cloud, hybrid, air-gapped)
- Cloud security architecture
- AWS/Azure security services, configurations, best practices
- FedRAMP authorization process and cloud control inheritance
- Some knowledge of IaC / DevSecOps principles (not sure this is a must)
- Cloud-native security patterns: ZTA, container security, serverless, etc.,
- Governance, Risk, and Compliance (must have, top skill, after the architecture/cloud)
- Track record at providing technical risk assessments and recommendations
- Articulate residual risk in business terms, enabling informed risk acceptance by non-technical executives
- Experience with conditional ATO strategies and balancing operational urgency with security requirements
- Experience leading or overseeing independent security assessments for diverse system types
- Ability to validate assessment quality and consistency across multiple assessor teams
- Strategic and Leadership Skills (must have)
- Executive Communication – demonstrated ability to brief C-level executives and senior gov officials on complex security processes
- Skill in translating technical vulnerabilities into business risk and strategic recommendations
- Experience in developing security strategies, roadmaps, and business cases for executive approval (at least serve as an advisor for these)
- Proven ability to build trust and credibility with diverse stakeholders, system owners, developers, operations trams, auditors
- One of the following certifications -AWS Cloud Solutions Architect (Professional), CISSP-ISSEP
- Active TS clearance with SCI Eligibility
Nice To Haves
- NSS and Intelligence Community Experience (nice to have)
- IC-specific security requirements (ICD 503 for cloud, ICD 705 for SCI, etc.,)
- Cross-domain solutions (CDS) and high-side/low-side data transfer security
- Audit and Compliance (nice to have, more important that they were independent audits)
- Experience in supporting FISMA audits, DOJ inspector general reviews, GAO assessments
- Understanding of OMB, DOJ, and IC Cybersecurity reporting requirements and metrics
- Ability to translate audit findings into actionable remediation paths and process improvements
Benefits
- health insurance
- paid leave
- retirement
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
