Information Security Risk Specialist
Booz Allen Hamilton•Bethesda, MD
•$62,000 - $141,000•Remote
About The Position
Cyber threats evolve constantly. In this role, you’ll turn complex risk into clear action by supporting Risk Management Framework (RMF) activities and driving Assessment & Authorization (A&A) packages through Authorization to Operate (ATO). You’ll partner with engineering and mission teams to scope controls, assess risk, remediate gaps, and sustain continuous monitoring so systems remain secure and compliant. Join us. The world can't wait.
Requirements
- 3+ years of experience within Information Security, Cyber Risk Management, or Security Compliance Functions
- Experience applying NIST Risk Management Framework (RMF) across categorization, control selection or implementation, assessment, authorization, and continuous monitoring
- Experience supporting Assessment & Authorization (A&A) efforts and coordinating Authority to Operate (ATO) decisions with Authorizing Officials
- Experience performing security control assessments and producing artifacts such as Security Assessment Reports (SAR) and Plans of Action & Milestones (POA&Ms)
- Experience developing and maintaining security documentation, including System Security Plans (SSP) and control implementation statements
- Knowledge of NIST SP 800‑53 Rev. 5 control families and tailoring controls to impact levels
- Knowledge of FISMA processes supporting RMF and authorization decisions
- Ability to translate technical findings into risk statements and remediation recommendations aligned to mission and business priorities, plan and execute continuous monitoring (ConMon), track residual risk, and drive closure of POA&Ms
- Public Trust determination is required.
- Bachelor’s degree
Nice To Haves
- Experience communicating complex security concepts clearly to non‑technical stakeholders and senior leaders
- Experience producing concise A&A documentation and executive‑ready summaries
- Knowledge of structured writing and plain‑language techniques for technical documentation
- Knowledge of stakeholder analysis and change management to drive adoption of security recommendations
- Ability to write crisply, edit meticulously, and proofread to ensure consistency across artifacts
- Ability to facilitate working sessions, build consensus, and present recommendations confidently
- Master's degree
Responsibilities
- Support Risk Management Framework (RMF) activities.
- Drive Assessment & Authorization (A&A) packages through Authorization to Operate (ATO).
- Partner with engineering and mission teams to scope controls, assess risk, remediate gaps, and sustain continuous monitoring.
- Perform security control assessments and produce artifacts such as Security Assessment Reports (SAR) and Plans of Action & Milestones (POA&Ms).
- Develop and maintain security documentation, including System Security Plans (SSP) and control implementation statements.
- Translate technical findings into risk statements and remediation recommendations aligned to mission and business priorities.
- Plan and execute continuous monitoring (ConMon).
- Track residual risk.
- Drive closure of POA&Ms.
Benefits
- health, life, disability, financial, and retirement benefits
- paid leave
- professional development
- tuition assistance
- work-life programs
- dependent care
- recognition awards program
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
Upload and Match Resume
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
