Information Security Risk Specialist

Booz Allen Hamilton, Bethesda, MD
Remote

About The Position

The Opportunity: Cyber threats evolve constantly. In this role, you’ll turn complex risk into clear action by supporting Risk Management Framework (RMF) activities and driving Assessment & Authorization (A&A) packages through Authorization to Operate (ATO). You’ll partner with engineering and mission teams to scope controls, assess risk, remediate gaps, and sustain continuous monitoring so systems remain secure and compliant. Join us. The world can't wait.

Requirements

  • 3+ years of experience within Information Security, Cyber Risk Management, or Security Compliance Functions
  • Experience applying NIST Risk Management Framework (RMF) across categorization, control selection or implementation, assessment, authorization, and continuous monitoring
  • Experience supporting Assessment & Authorization (A&A) efforts and coordinating Authority to Operate (ATO) decisions with Authorizing Officials
  • Knowledge of NIST SP 800‑53 Rev.5 control families and tailoring controls to impact levels
  • Knowledge of FISMA processes supporting RMF and authorization decisions
  • Public Trust determination is required
  • Bachelor’s degree

Nice To Haves

  • Experience communicating complex security concepts clearly to non‑technical stakeholders and senior leaders
  • Experience producing concise A&A documentation and executive‑ready summaries
  • Knowledge of structured writing and plain‑language techniques for technical documentation
  • Knowledge of stakeholder analysis and change management to drive adoption of security recommendations
  • Ability to write crisply, edit meticulously, and proofread to ensure consistency across artifacts
  • Ability to facilitate working sessions, build consensus, and present recommendations confidently
  • Master's degree

Responsibilities

  • Supporting Risk Management Framework (RMF) activities
  • Driving Assessment & Authorization (A&A) packages through Authorization to Operate (ATO)
  • Partnering with engineering and mission teams to scope controls, assess risk, remediate gaps, and sustain continuous monitoring
  • Performing security control assessments and producing artifacts such as Security Assessment Reports (SAR) and Plans of Action & Milestones (POA&Ms)
  • Developing and maintaining security documentation, including System Security Plans (SSP) and control implementation statements
  • Translating technical findings into risk statements and remediation recommendations aligned to mission and business priorities
  • Planning and executing continuous monitoring (ConMon)
  • Tracking residual risk
  • Driving closure of POA&Ms

Benefits

  • health, life, disability, financial, and retirement benefits
  • paid leave
  • professional development
  • tuition assistance
  • work-life programs
  • dependent care
  • recognition awards program