Manager, Cyber Security

About The Position

Requirements

• Bachelor’s Degree
• U.S. Citizenship required due to federal contract requirements.
• Must be able to obtain and maintain a Federal Public Trust clearance.
• 10+ years of experience supporting cybersecurity, information assurance, security governance, risk management, compliance, or RMF activities in federal or regulated environments.
• Active CISSP, CISM, CAP, Security+, GSEC, or equivalent cybersecurity certification.

Nice To Haves

• 7+ years of experience supporting federal cybersecurity requirements, including FISMA, NIST 800-53, RMF, POA&M management, system assessment, or authorization activities.
• 5+ years of experience developing or maintaining cybersecurity assessment documentation, control implementation statements, security plans, contingency plans, risk assessments, or security artifacts.
• 5+ years of experience coordinating with system owners, security assessors, engineering teams, product teams, operations teams, or federal cybersecurity stakeholders.
• 5+ years of experience supporting vulnerability management, incident response coordination, remediation tracking, control evidence collection, or cybersecurity reporting.
• 3+ years of experience evaluating cybersecurity risks for new technologies, applications, integrations, SaaS platforms, cloud services, or system connections.
• 3+ years of experience supporting cybersecurity governance for cloud, SaaS, application modernization, DevSecOps, data, or enterprise platform environments.
• Experience supporting HHS, NIH, FDA, CMS, CDC, or other health-focused federal environments.
• Experience with Zero Trust, identity and access management, endpoint security, secure cloud architecture, secure SaaS governance, TIC 3.0, or continuous monitoring.
• Experience integrating cybersecurity requirements into Agile, DevSecOps, CI/CD, product delivery, and application modernization workflows.
• Experience supporting ATO packages, security assessment activities, security control validation, audit responses, and independent verification or validation reviews.
• Experience with cybersecurity tools and repositories used for POA&M tracking, vulnerability management, audit evidence, incident coordination, SIEM/SOAR, or continuous monitoring.
• Experience aligning cybersecurity activities with NIST 800-53 Rev. 5, NIST 800-37, NIST 800-61, NIST 800-34, FedRAMP, FISMA, CISA guidance, or HHS security policy.
• Experience developing cybersecurity dashboards, executive risk reporting, compliance scorecards, and metrics-based security governance materials.
• Additional cybersecurity, cloud security, Agile, ITIL, AWS, Azure, Google Cloud, or project management certification.

Responsibilities

• Lead cybersecurity governance and RMF coordination across a complex federal technology services environment.
• Develop, maintain, and coordinate cybersecurity assessment documentation, including FIPS 199 analyses, E-Authentication Risk Assessments, security control implementation statements, and supporting control artifacts.
• Support system teams, product teams, security assessors, and client stakeholders in preparing and maintaining cybersecurity evidence and compliance documentation.
• Evaluate cybersecurity risks associated with new capabilities, including applications, integrations, plug-ins, software tools, system connections, and platform changes.
• Track system security deficiencies, remediation activities, and Plans of Action and Milestones through closure.
• Lead or support development, maintenance, and testing of contingency plans for systems and services within program scope.
• Develop and maintain cybersecurity governance standard operating procedures, workflows, templates, and reporting mechanisms.
• Coordinate cybersecurity inputs into engineering, product delivery, architecture, DevSecOps, cloud, data, and service operations activities.
• Support vulnerability management, incident response coordination, risk reviews, control evidence collection, and security-related data calls.
• Partner with service operations, identity, device, network, platform, and application teams to ensure cybersecurity responsibilities are clear and evidence is maintained.
• Monitor cybersecurity risks, issues, dependencies, and compliance gaps, and escalate items requiring leadership attention.
• Translate cybersecurity requirements and risks into practical guidance for technical teams, program leadership, and client stakeholders.

Benefits

• ICF is an equal opportunity employer.