• Understand how data is produced and consumed at a deep level in order to design risk data pipelines and models and build curated data sets to support enterprise-wide risk monitoring and reporting • Own and manage the KRI program, collaborating with first-line risk owners and second-line risk domain SMEs to design, track, and report on risk metrics across all risk types and business activities • Build and maintain risk reporting infrastructure, including dynamic dashboards, snapshot reporting, and risk data infrastructure and aggregation capabilities using existing company data sets and tools (e.g., Looker, Jira, Mode) • Meet consumers of risk data where they are by wearing an educator’s hat and training them on risk dashboards and tools • Provide data and analytical support for enterprise risk assessments, management and board reporting, exam and audit requests, and ad hoc risk data requests • Partner with leaders in Risk to translate risk program requirements into scalable, repeatable data and reporting solutions • Support the setup, maintenance, and administration of the GRC tool for all Risk teams by defining cross-team

• Design, implement, and monitor risk limits for new products. Perform daily monitoring of Value-at-Risk (VaR), stress testing, and sensitivity analysis. • Collaborate with Engineering and Product teams to refine and stress-test our Margin engine, ensuring margin requirements accurately reflect cross-product offsets and tail risks. • Assist in the design and roll-out of the Enterprise Risk Management framework. This includes defining Risk Appetite Statements (RAS), maintaining the Risk Register, and developing Key Risk Indicators (KRIs) that span across the organization. • Act as the risk lead for the launch of new products, identifying unique risks associated with event-based binary outcomes and liquidity fragmentation. • Develop forward-looking scenarios (including "black swan" events) to assess the impact of market volatility on the firm’s capital and liquidity positions. • Support the wider Risk team in Operational Risk assessments, internal audits, and regulatory reporting requirements. • Build automated risk dashboards and reporting tools using SQL/Python to provide real-time insights to the Chief Risk Officer and Senior Management.

• Leads the execution of enterprise clinical data governance and integration strategies • Establish and maintain a comprehensive clinical data inventory inclusive of data sources, attributes, ingestion pathways, ownership, downstream use cases, and refresh cadence • Develop and maintain standardized business requirement templates for clinical data acquisition • Oversee governance activities related to acquisition opportunities and data quality performance, ensuring effective documentation, risk escalation, and decision-making • Identifies and recommends clinical data acquisition opportunities by reviewing emerging trends, regulatory changes, and competitive intelligence • Drive clinical data use cases from concept through implementation — including business case development, requirements definition, technical coordination, testing, deployment, value tracking, and post-implementation optimization • Partner with Enterprise IT and Data Engineering to prioritize ingestion pipelines and interoperability enhancements (e.g., HL7/FHIR) • Oversees performance monitoring related to clinical data vendors • Ensure governance guardrails are maintained to prevent fragmented, duplicative, or misaligned clinical data acquisition efforts across business units • Serve as liaison between business domains and enterprise governance forums to ensure alignment with broader enterprise data strategy • Lead and develop a team of analysts responsible for data profiling, reconciliation, acquisition evaluation, quality monitoring, and roadmap support.

Role Description KBR is seeking a Cybersecurity Risk Management Framework (RMF) Information System Security Officer (ISSO) to support the DHA Solution Delivery Division (SDD). In this role, you will lead Assessment & Authorization (A&A) activities and guide systems through the RMF lifecycle to achieve and maintain Authorizations to Operate (ATOs) for mission-critical medical systems. You will work closely with engineers, developers, and government stakeholders to ensure compliance with NIST, DoD, and DHA cybersecurity requirements while supporting continuous monitoring and risk management efforts. This 100% remote position requires availability during standard Eastern Time (ET) day shift hours. Join KBR to contribute directly to protecting critical healthcare systems supporting warfighters and their families. - Manage one or more information systems throughout the full six-step RMF lifecycle, including assessment, authorization, and continuous monitoring activities - Serve as an RMF Subject Matter Expert (SME), advising stakeholders on cybersecurity compliance, risk posture, and ATO readiness - Develop, review, and maintain RMF packages and associated documentation, including Security Plans, POA&Ms, Risk Assessment Reports, and security control policies - Assess system compliance against NIST SP 800-53 controls and DHA RMF requirements as part of self-assessment and annual reviews - Document and maintain evidence supporting control implementation and compliance - Lead and participate in A&A and stakeholder meetings to track system status, resolve issues, and drive RMF progress - Coordinate with engineers and system owners to develop architecture diagrams, system asset inventories, and security policies - Prepare and deliver status reports to DHA leadership on system authorization and compliance efforts Qualifications - Active DoD Secret security clearance - Bachelor’s degree in cybersecurity, information technology, or related field with 6+ years of experience; or 14+ years of relevant cybersecurity/IT experience in lieu of degree. - DoD Manual 8140.03 (formerly 8570.01)-compliant certification (e.g., Security+, CISSP, CASP+/SecurityX) - Demonstrated experience performing RMF activities as an ISSO/ISSM/SME, including ATO process support and RMF package development (Security Plans, POA&Ms, architecture diagrams, system security policies, etc.) - Demonstrated experience assessing and documenting NIST SP 800-53 controls - Experience using Microsoft Office applications: Word, PowerPoint, Excel, and SharePoint Requirements - Experience using eMASS or equivalent compliance-tracking application - Experience supporting RMF processes under DHA - Familiarity with ACAS and DISA STIGs/SRGs and tools such as STIG Viewer and SCAP Compliance Checker - Familiarity with Continuous Monitoring and Risk Scoring (CMRS) - Experience using Microsoft Project to build Integrated Master Schedules (IMS) Compensation $107,600.00 - $161,400.00. The salary range posted is based on the national average. The offered rate will be based on the contract affordability and the selected candidate’s location, knowledge, skills, abilities, and/or experience, and in consideration of internal parity. Benefits - KBR offers a selection of competitive lifestyle benefits which could include a 401K plan with company match - Medical, dental, vision, life insurance, AD&D - Flexible spending account, disability, paid time off, or flexible work schedule - Support for career advancement through professional training and development