×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Information Security IT Consultant Data Security

Risk Manager

Job in Rockville, Montgomery County, Maryland, 20849, USA
Listing for: Customer Value Partners, Inc.
Full Time position
Listed on 2026-01-23
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, IT Consultant, Data Security
Salary/Wage Range or Industry Benchmark: 130000 - 140000 USD Yearly USD 130000.00 140000.00 YEAR
Job Description & How to Apply Below

Overview

CVP is seeking a Cybersecurity Risk Manager for a large government agency enterprise-level cybersecurity program. The Cybersecurity Risk Manager will work directly with the Cybersecurity Program Manager and the agency’s CIO and CISO in cybersecurity tasks such as information security policy development and implementation; security compliance monitoring; security audit management; risk assessment; system authorization; security reporting; and other information security-related tasks.

Responsibilities
  • Identify, evaluate, and develop strategies for handling risks to reduce information security and privacy risk across the agency.
  • Provide recommendations, guidance, planning, and implementation support for agency risk management activities and tools, and provide support as needed to enhance the agency’s Information Security Program related to governance, optimizations, automation, and supporting tools.
  • Developing an agency Information Security Risk Management Strategy in accordance with the latest released versions of NIST Special Publications (SPs) such as SP 800-37, Risk Management Framework for Information Systems and Organizations and SP 800-39, Managing Information Security Risk (as revised).
  • Conducting an enterprise risk assessment and developing an agency Information Security Risk Assessment Report that addresses all findings from the assessment
  • Developing an agency Privacy and Security Roadmap that recommends privacy and information security capabilities based on risks identified in the agency’s Information Security Risk Assessment Report
  • Developing an agency Information Security Risk Management Plan that addresses how the agency will implement and perform risk management activities regarding risk tolerance, risk assessment, risk response, risk monitoring, and risk capabilities
  • Providing risk management guidance to the agency offices for A&A activities as required, ensuring continuous risk monitoring of information security control implementation effectiveness and required information security compliance requirements
  • Support the Information Security and Assurance Office (ISAO) in implementing and overseeing the organization’s information security risk management and security assessment and authorization (A&A) activities.
  • Advise the agency on how best to tailor the revised A&A process to handle non-traditional technologies including, but not limited to, cloud, mobile, and Internet of Things.
  • Provide the agency recommendations on how it can continuously monitor and assess the security posture of agency information systems over time and alert agency decision makers when an information system presents an increased risk or eminent threat to agency data and/or operations.
  • Develop guidance, templates, other tools, and advice to the program offices to support their risk management and ATO activities.
  • Provide risk management and information security continuous monitoring program implementation recommendations to program offices
  • Track and review Plans of Actions and Milestones (POA&Ms) agency-wide to identify areas of risk as a result of unimplemented POA&Ms, a buildup of risk-based decisions, or other cross-cutting issues observed as a result of its risk management support.
  • Track the A&A status for all divisions and programs that have information systems to validate they meet the requirements to protect the agency’s data and operations.
  • Develop the required artifacts to complete security accreditation packages for OCIO information systems and perform any required assessments, as requested. The Contractor shall provide oversight and advisory support to agency program office personnel for completion of information system A&A packages, as requested.
  • Follow NIST Federal Information Processing Standards (FIPS) and Special Publications (SPs) to include, but not limited to, FIPS 199 and 200, SP 800-39, SP 800-37, SP 800-137, SP 800-60, SP 800-53, SP 800-53A, SP 800-34, SP 800-30, and SP 800-18. The Contractor shall comply with all agency IT security and Privacy policies and standards including, and the agency Privacy Impact Assessment (PIA) requirements and associated templates.
Qualifications
  • Minimum of six…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)

Job Posting Language
Employment Category
Education (minimum level)
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search