Risk, Compliance, and Quality Assurance Specialist – Identity & Access Management Modernization

About The Position

Requirements

• 7+ years of experience in risk management, compliance, or quality assurance within cybersecurity or ICAM environments
• Experience supporting federal IT systems and compliance frameworks
• Demonstrated experience with ATO processes, risk assessments, and audit support
• Strong understanding of identity and access management concepts, including authentication, authorization, federation, and privileged access
• Experience working in cloud-based and modern identity environments
• Required Certification (one of the following): Certified Information Privacy Professional/Government (CIPP/G) Certified Information Systems Auditor (CISA) Certified in Risk and Information Systems Control (CRISC) Certified Information Systems Security Professional (CISSP)

Nice To Haves

• Experience supporting ICAM modernization or Zero Trust initiatives
• Familiarity with FICAM architecture and federal identity mandates
• Experience with identity governance, lifecycle management, and access certification processes
• Knowledge of continuous diagnostics and monitoring (CDM) and SIEM integration
• Strong analytical, documentation, and communication skills

Responsibilities

• Ensure modern ICAM solutions comply with federal standards and frameworks (e.g., NIST SP 800-63, FICAM, OMB M-22-09, Zero Trust Architecture guidance)
• Conduct risk assessments across modern identity platforms, authentication mechanisms, and access controls
• Identify, document, and track security and compliance risks within the modernized environment; maintain and support the program Risk Register
• Support ATO processes for modern systems, including control validation, documentation, and audit readiness
• Evaluate integrations with external identity providers (e.g., login.gov, ID.me, external Entra tenants) for compliance and security risks
• Establish and enforce QA standards for modern ICAM implementations, including identity lifecycle, federation, and PAM solutions
• Validate that testing processes (functional, security, integration) meet program and federal requirements
• Review releases and enhancements to ensure compliance with established quality benchmarks
• Collaborate with engineering teams to ensure consistent, reliable identity service delivery in the modernized architecture
• Develop and maintain compliance documentation, SOPs, and audit artifacts for the modern ICAM environment
• Ensure alignment with identity governance policies, including RBAC/ABAC/PBAC models and least privilege principles
• Support continuous monitoring efforts, including integration with SIEM tools (e.g., Splunk)
• Provide guidance on policy enforcement across cloud-native and modern identity services
• Work closely with program leadership, security teams, and system owners to ensure compliance and quality objectives are met
• Support audits, inspections, and reporting activities with federal stakeholders
• Provide recommendations to improve risk posture and operational maturity of the modernized ICAM solution