CybersecurityJobs.io
← Back to all jobs

Job Description

This role provides information security leadership in support of EPA initiatives within a hybrid Washington, DC area environment, with emphasis on RMF and NIST based program development and governance.

Responsibilities

  • Provide guidance to senior stakeholders on information security initiatives spanning compliance, security awareness and training, and security operations.
  • Lead Independent Verification and Validation activities for security authorization packages and ATOs to ensure alignment with agency requirements.
  • Leverage a Governance, Risk, and Compliance tool such as Telos Xacta, CSAM, or RSA Archer to consolidate findings from assessments, audits, and vulnerability scans.
  • Coordinate government data calls (FISMA, FMFIA, BDR) and compile monthly reporting.
  • Evaluate the effectiveness of the information security and privacy training program and drive collection, analysis, and presentation of enterprise‑level security performance metrics.
  • Oversee the InfoSec Program POA&Ms, including advising on remediation activities.
  • Collaborate with senior agency security officials, system owners, ISSOs, and other stakeholders to advise and implement security solutions.
  • Identify opportunities to improve work processes and introduce innovative approaches to service delivery.
  • Engage in team problem solving and contribute ideas to resolve client challenges.
  • Conduct targeted research and data analysis and develop supporting reports.
  • Assist in drafting policies and procedures to support information security programs.
  • Implement processes to monitor risk across programs and projects.
  • Prepare executive briefings summarizing study results, analyses, and plans.
  • Support client leadership in reviewing monthly progress, documenting issues, and tracking resolutions.

Requirements

  • Ability to obtain a Public Trust.
  • Bachelor's degree in information technology or related field plus 8 years of relevant IA experience; a security certification (for example, CISSP) may substitute for up to 2 years.
  • More than 3 years in a leadership role.
  • Strong data analysis skills.
  • Excellent written and verbal communication skills.
  • In-depth knowledge of applying, selecting and testing the NIST 800-53 Rev 4 security controls.
  • In-depth knowledge of NIST 800-37 Risk Management Framework.
  • Experience with a Governance, Risk and Compliance tool (e.g., Xacta, RSA Archer, CSAM or eMASS).
  • Excellent attention to detail.
  • Ability to handle and prioritize multiple tasks and deadlines.

Technologies

  • Microsoft Copilot
  • Telos Xacta
  • CSAM
  • RSA Archer
  • eMASS

Location

Washington, DC hybrid

Compensation

Salary: USD 105,000 - 115,000 per year

Similar Jobs