Key Responsibilities
1. Lead RMF Implementation & Governance
- Lead end-to-end implementation of NIST RMF across critical systems and applications
- Oversee development and maintenance of key artifacts (SSPs, SARs, POA&Ms)
- Define and standardize control implementation approaches across the organization
- Partner with platform teams to evaluate control design, identify security gaps, and define risk-based remediation actions
2. Enterprise Risk Assessment & Risk Register Ownership
- Lead complex risk assessments (applications, infrastructure, cloud, business processes)
- Define and refine risk assessment methodologies and scoring models
- Own and govern the enterprise risk register, ensuring accuracy and completeness
- Drive risk prioritization aligned with business impact and threat landscape
- Present risk insights and trends to senior management
3. Risk Exception Governance
- Establish and manage the risk exception framework and approval workflows
- Challenge and validate risk acceptance decisions with strong business context
- Ensure compensating controls are appropriate and documented
- Track, review, and enforce expiry and renewal of exceptions
4. Reporting, Governance & Stakeholder Management
- Develop executive-level risk dashboards, KPIs, and KRIs
- Provide actionable risk insights to leadership and business stakeholders
- Support audits, regulatory reviews, and compliance initiatives
- Influence risk-based decision-making across business and technology teams
5. Process Improvement & Maturity
- Enhance and scale cyber risk management processes and frameworks
- Introduce automation and tooling (e.g., GRC platforms like ServiceNow)
- Align practices with industry standards (e.g., NIST, ISO, FAIR where applicable)
- Mentor junior analysts and uplift team capability
Required Qualifications and Experience
- Bachelor’s degree in Cyber Security, Information Security, IT, or related field
- 5–10 years of experience in cyber security risk, GRC, or information security
- Strong hands-on experience with NIST Risk Management Framework (RMF) or related framework
- Proven experience leading risk assessments and managing enterprise risk registers
- Deep understanding of security controls (e.g., NIST SP 800-53 or ISO 27001 Annex A)
- Experience working with cross-functional stakeholders (engineering, legal, business)
Leadership & Behavioral Competencies
- Ownership and accountability
- Strategic thinking with hands-on execution
- Ability to operate in ambiguity and drive structure
- Influencing without authority
- Mentorship and team development