• Support implementation and oversight of security controls in accordance with federal requirements and contract obligations • Monitor compliance with government security standards and contractual security obligations • Assist with system security planning, documentation, and authorization activities • Support risk assessments, vulnerability management, and remediation tracking • Coordinate security activities across technical, operational, and program teams • Maintain security artifacts such as: System Security Plans (SSPs), Security assessment reports, POA&Ms and risk registers, Incident response and contingency documentation • Support audits, inspections, and security reviews conducted by government stakeholders, OIG, or third parties • Assist with security incident identification, reporting, and response coordination • Provide security guidance and awareness to project teams and stakeholders • Prepare status reports, briefings, and documentation for government review

• Serve as a senior subject matter expert and program lead for the Governance, Risk, and Compliance (GRC) function supporting federal information systems • Oversee enterprise GRC and RMF programs, ensuring consistency across multiple system authorizations and enclaves • Direct the risk management process, ensuring risk identification, quantification and treatment strategies align with federal and agency guidance • Lead assurance activities, validating that control implementations meet the intent of NIST 800-53 Rev.5 requirements • Govern SSP and POA&M quality, establishing standards, templates and review checkpoints across systems • Oversee cloud service provider assessments, ensuring proper inheritance of FedRAMP controls and shared responsibilities • Provide leadership for privacy and data governance, ensuring integration of PIA activities into RMF documentation • Develop and track Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) to measure compliance and risk health • Drive adoption of GRC automation, Continuous Controls Monitoring (CCM) and compliance analytics • Serve as primary point of contact during audits, IG reviews and authorization package evaluations • Mentor analysts and guide cross-functional teams on risk-informed decision-making and RMF optimization

• serve as an experienced practitioner within the organization’s GRC program • managing NIST RMF lifecycle activities • conducting risk and control assessments • coordinating assurance and privacy initiatives for federal information systems • ensuring security documentation, continuous monitoring and remediation efforts meet FISMA and NIST standards • supporting ongoing authorization and compliance maturity • lead system-level RMF activities • conduct independent risk assessments • manage POA&M lifecycle • perform control assurance reviews • coordinate cloud and third-party compliance assessments • support privacy compliance • generate and present risk and compliance status reports • provide mentorship and guidance to junior analysts • collaborate across Security, IT and Privacy teams

• Responsible for business analysis and solution engineering in Cybersecurity • Support development and design of cybersecurity solutions • Collaborate with technical teams on solution architecture • Refine demand, manage dependencies, and support planning