Risk/ Security Controls Assessment and Remediation Manager

About The Position

Requirements

• U.S. Citizenship Required
• Must have the ability to obtain / maintain a DOE L Level or DOE Secret clearance
• Degree in computer science, engineering, cybersecurity, information technology, risk management or related field
• 5 years of experience with BS/BA; 3 years with MS/MA
• Experience in cybersecurity compliance, analyst, governance, or risk management roles
• Understanding of industry cybersecurity standards such as FISMA, NIST 800 series, ISO 27001 and regulatory compliance requirements
• Experience with vulnerability assessment, enterprise risk assessments, and remediation workflows
• Ability to analyze scan results and control findings to determine true risk to the organization
• Experience creating and managing POA&Ms or remediation plans
• Familiarity with patch management and configuration remediation processes
• Ability to lead cross-functional remediation efforts without direct authority
• Experience coordinating with engineering, IT, security, and compliance teams
• Strong project management and prioritization skills
• Strong analytical and problem-solving skills

Nice To Haves

• Hold technical and/or cybersecurity certification such as CISSP, GIAC GSEC, GIAC GCIH, CISA SSCP, CompTIA Security+
• A master's degree in computer science, engineering, cybersecurity, information technology, or related field

Responsibilities

• Lead security control assessments across systems, applications, and infrastructure
• Evaluate the effectiveness of technical, administrative, and operational security controls
• Identify control gaps, weaknesses, and residual risk
• Develop, track, and manage remediation plans in coordination with system owners
• Prioritize remediation efforts based on risk, impact, and business context
• Validate remediation actions and confirm control effectiveness post-fix
• Maintain risk registers, control assessment documentation, and remediation evidence
• Support internal and external audits, assessments, and regulatory inquiries
• Communicate risk posture, trends, and remediation status to leadership
• Work with stakeholders to continuously improve assessment and remediation processes and methodologies
• Stay current on emerging threats and incorporate lessons learned into recommendations to policies, procedures, and cybersecurity systems and network modifications
• Prepare reports and brief CSOC Manager, infrastructure stakeholders and corporate management on requests
• Contribute to the development and periodic review of security policies, standards, and control procedures
• Provide advisory support to system owners and project teams during system design or major changes
• Participate in tabletop exercises, risk workshops, and threat modeling sessions as a controls SME
• Support onboarding and training of staff on control assessment and remediation processes
• Assist with defining control metrics, KPIs, and maturity indicators
• Review and provide input on third-party risk assessments and vendor security reviews
• Support merger, acquisition, organizational role changes or system onboarding activities from a risk and controls perspective
• Track emerging threats, regulatory changes, and framework updates to inform assessment strategy
• Mentor junior risk analysts or assessment team members
• Support executive reporting and briefings on risk trends and remediation progress