Information Security Risk Specialist

Booz Allen Hamilton | Bethesda, MD
$62,000 - $141,000 | Remote

About The Position

The Opportunity: Cyber threats evolve constantly. In this role, you’ll turn complex risk into clear action by supporting Risk Management Framework (RMF) activities and driving Assessment & Authorization (A&A) packages through Authorization to Operate (ATO). You’ll partner with engineering and mission teams to scope controls, assess risk, remediate gaps, and sustain continuous monitoring so systems remain secure and compliant. Join us. The world can't wait.

Requirements

  • 3+ years of experience within Information Security, Cyber Risk Management, or Security Compliance Functions
  • Experience applying NIST Risk Management Framework (RMF) across categorization, control selection or implementation, assessment, authorization, and continuous monitoring
  • Experience supporting Assessment & Authorization (A&A) efforts and coordinating Authority to Operate (ATO) decisions with Authorizing Officials
  • Experience performing security control assessments and producing artifacts such as Security Assessment Reports (SAR) and Plans of Action & Milestones (POA&Ms)
  • Experience developing and maintaining security documentation, including System Security Plans (SSP) and control implementation statements
  • Knowledge of NIST SP 800‑53 Rev.5 control families and tailoring controls to impact levels
  • Knowledge of FISMA processes supporting RMF and authorization decisions
  • Ability to translate technical findings into risk statements and remediation recommendations aligned to mission and business priorities, plan and execute continuous monitoring (ConMon), track residual risk, and drive closure of POA&Ms
  • Public Trust determination is required.
  • Bachelor’s degree

Nice To Haves

  • Experience communicating complex security concepts clearly to non‑technical stakeholders and senior leaders
  • Experience producing concise A&A documentation and executive‑ready summaries
  • Knowledge of structured writing and plain‑language techniques for technical documentation
  • Knowledge of stakeholder analysis and change management to drive adoption of security recommendations
  • Ability to write crisply, edit meticulously, and proofread to ensure consistency across artifacts
  • Ability to facilitate working sessions, build consensus, and present recommendations confidently
  • Master's degree

Responsibilities

  • Partner with engineering and mission teams to scope controls, assess risk, remediate gaps, and sustain continuous monitoring.
  • Drive Assessment & Authorization (A&A) packages through Authorization to Operate (ATO).
  • Support Risk Management Framework (RMF) activities.

Benefits

  • health, life, disability, financial, and retirement benefits
  • paid leave
  • professional development
  • tuition assistance
  • work-life programs
  • dependent care
  • recognition awards program