Risk Manager

KBR, Inc. | Colorado Springs, CO
16h | Onsite

About The Position

KBR’s National Security Solutions team provides high-end engineering and advanced technology solutions to our customers in the intelligence and national security communities. Our KBR team in Colorado Springs, CO is seeking a Risk Manager, and your contributions will directly impact the success of our projects and the overall business outcomes we aim to achieve.

Requirements

  • Security Clearance: Must possess an active U.S. government TS/SCI security clearance, which only a U.S. citizen can obtain
  • Ability to obtain and maintain a JWICS, SAP/SAR clearance
  • Education: BS/BA in Information Technology, Computer Science, or a related field (or equivalent experience) with 10+ years of experience
  • DODM 8140.03 Cybersecurity Certification (CISSP, CISM, CCISO, etc.)
  • Proven experience in a similar role on programs
  • In-depth knowledge of project management methodologies and tools
  • Proficiency in project scheduling and resource management
  • Proficiency in risk management tools like ARM or Primavera Risk Analysis
  • Exceptional leadership and team management abilities
  • Excellent communication and interpersonal skills to effectively engage with stakeholders at all levels
  • Strong problem-solving and decision-making skills
  • Ability to work under pressure and manage multiple priorities effectively
  • A proactive approach to risk management and conflict resolution
  • Working knowledge of Agile, Agile XP, DevOps, and DevSecOps methodologies
  • Networking experience
  • Experience working with version control systems like Gitlab, Jira and Confluence
  • Strong problem-solving skills

Nice To Haves

  • Familiarity with DoD cybersecurity artifacts and tools, including RMF documentation, vulnerability findings, and compliance evidence used to support ATO or cATO decisions

Responsibilities

  • Manage the project Risk Register in strict alignment with DoW RIO practices, ensuring every entry includes a clear articulation of probability, impact, mitigation plans, and ownership.
  • Coordinate RMF-related risk activities with system owners, cybersecurity teams, Authorizing Official (AO) representatives, and program leadership to support Authority to Operate (ATO), Continuous ATO (cATO), and Certificate to Field (CtF) documents and the ongoing risk acceptance decisions for the software application.
  • Synchronize with key stakeholders, including clients, consultants, and regulatory bodies, to ensure seamless alignment with project risk mandates and compliance standards.
  • Assess cybersecurity and compliance risks related to NIST SP 800-53 security controls, DoD STIGs, supply chain risk, and secure software development best practices, escalating material risks to program leadership as appropriate.
  • Embed risk management directly into the Agile and DevSecOps lifecycle by integrating risk reviews into Sprint and Program Increment (PI) planning.
  • Ensure all mitigation strategies are prioritized within the product backlog and reflected in long-term technical roadmaps.
  • Ensure alignment with DoD acquisition and software policies, including Software Acquisition Pathway (SWP) risk considerations and continuous risk monitoring expectations for modern software programs.