Risk Manager
$155k - $165kCVP (Customer Value Partners)
Cybersecurity Risk Manager
CVP is seeking a Cybersecurity Risk Manager for a large government agency enterprise-level cybersecurity program. The Cybersecurity Risk Manager will work directly with the Cybersecurity Program Manager and the agency's CIO and CISO in cybersecurity tasks such as information security policy development and implementation; security compliance monitoring; security audit management; risk assessment; system authorization; security reporting; and other information security-related tasks.
Responsibilities
- Identify, evaluate, and develop strategies for handling risks to reduce information security and privacy risk across the agency.
- Provide recommendations, guidance, planning, and implementation support for agency risk management activities and tools, and provide support as needed to enhance the agency's Information Security Program related to governance, optimizations, automation, and supporting tools.
- Developing an agency Information Security Risk Management Strategy in accordance with the latest released versions of NIST Special Publications (SPs) such as SP 800-37, Risk Management Framework for Information Systems and Organizations and SP 800-39, Managing Information Security Risk (as revised).
- Conducting an enterprise risk assessment and developing an agency Information Security Risk Assessment Report that addresses all findings from the assessment
- Developing an agency Privacy and Security Roadmap that recommends privacy and information security capabilities based on risks identified in the agency's Information Security Risk Assessment Report
- Developing an agency Information Security Risk Management Plan that addresses how the agency will implement and perform risk management activities regarding risk tolerance, risk assessment, risk response, risk monitoring, and risk capabilities
- Providing risk management guidance to the agency offices for A&A activities as required, ensuring continuous risk monitoring of information security control implementation effectiveness and required information security compliance requirements
- Support the Information Security and Assurance Office (ISAO) in implementing and overseeing the organization's information security risk management and security assessment and authorization (A&A) activities.
- Advise the agency on how best to tailor the revised A&A process to handle non-traditional technologies including, but not limited to, cloud, mobile, and Internet of Things.
- Provide the agency recommendations on how it can continuously monitor and assess the security posture of agency information systems over time and alert agency decision makers when an information system presents an increased risk or eminent threat to agency data and/or operations.
- Develop guidance, templates, other tools, and advice to the program offices to support their risk management and ATO activities.
- Provide risk management and information security continuous monitoring program implementation recommendations to program offices
- Track and review Plans of Actions and Milestones (POA&Ms) agency-wide to identify areas of risk as a result of unimplemented POA&Ms, a buildup of risk-based decisions, or other cross-cutting issues observed as a result of its risk management support.
- Track the A&A status for all divisions and programs that have information systems to validate they meet the requirements to protect the agency's data and operations.
- Develop the required artifacts to complete security accreditation packages for OCIO information systems and perform any required assessments, as requested. The Contractor shall provide oversight and advisory support to agency program office personnel for completion of information system A&A packages, as requested.
- Follow NIST Federal Information Processing Standards (FIPS) and Special Publications (SPs) to include, but not limited to, FIPS 199 and 200, SP 800-39, SP 800-37, SP 800-137, SP 800-60, SP 800-53, SP 800-53A, SP 800-34, SP 800-30, and SP 800-18. The Contractor shall comply with all agency IT security and Privacy policies and standards including, and the agency Privacy Impact Assessment (PIA) requirements and associated templates.
Qualifications
- Minimum of six years' experience in cybersecurity. 10+ years' experience is preferred.
- Minimum of six years' experience leading and delivering in FISMA-based and FedRAMP Assessment and Authorization (A&A) programs for comparably sized federal agencies and programs. Seven plus years' experience is preferred.
- Shall have at least one of the following industry-recognized certifications:
- Certified Information System Security Professional (CISSP)
- Certified Information Systems Auditor (CISA)
- Certified Information Security Manager (CISM)
- Certified in Risk and Information Systems Control (CRISC)
- Familiarity with Information Technology Infrastructure Library (ITIL) Foundation Compliance (GRC) tool, continuous monitoring, and vulnerability management tools or services. Note: NIH currently uses CSAM.
- Demonstrated experience managing cybersecurity teams including personnel, workload, priorities, scheduling, and risks.
- Proven experience bringing innovative approaches to help reduce the FISMA workload and time to authorization/reauthorization through such methods as boundary consolidation, common control identification and re-use, automation, assessment readiness reviews, and digital transformation.
Desired Skills
- PMP Certification
- CISSP Certification
- Experience with Security Assessment Tools (Tenable Nessus, DBProtect, Wireshark, WebInspect)
- NIH/HHS experience
Location
- Rockville, MD (Hybrid)
Salary Band: $155-165k (Depending on experience)
About CVP
CVP is an award-winning healthcare and next-gen technology and consulting services firm solving critical problems for healthcare, national security, and public sector clients. We help organizations achieve lasting transformation.CVP is an Equal Opportunity Employer dedicated to actively recruiting individuals and providing advancement opportunities based on merit and legitimate job qualifications. We ensure that all associates receive equal opportunities based on their personal qualifications and job requirements. CVP strictly prohibits any form of discrimination or harassment.At CVP, we cultivate a work environment that encourages fairness, teamwork, and respect among all associated. We are committed to maintaining a workplace where everyone can grow both personally and professionally.
$155k - $165k
...Overview CVP is seeking an Cybersecurity Risk Manager for a large government agency enterprise-level cybersecurity program. The Cybersecurity Risk Manager will work directly with the Cybersecurity Program Manager and the agency's CIO and CISO in cybersecurity tasks...SuggestedFor contractorsWork at office$114.07k - $192.8k
...Operational Risk Manager Location : Location US-MD-Bethesda ID 2026-2237 Location : Address 7500 Old Georgetown Road Position Type Full Time Regular Business Unit Description Risk and Compliance Overview We...SuggestedFull timeWork at officeRemote workFlexible hours$155k - $165k
Customer Value Partners, Inc. is seeking a Cybersecurity Risk Manager for a large government agency enterprise-level cybersecurity program in Rockville, MD. The role involves assisting the Cybersecurity Program Manager with risk assessment, security policy development,...Suggested- ...traded financial institution is creating a new Senior Vice President role to lead its enterprise-wide Fraud and Financial Crimes Risk Management function. This is a top-of-the-house leadership position reporting directly to the Chief Risk Officer, with regular...Suggested
$104.22k - $173.69k
...Fraud Risk Manager Location: US-MD-Silver Spring. Address: 11900 Bournefield Way, Silver Spring, MD. Compensation: $104,215.00 to $173,692.00 annually. Potential additional compensation may be possible based on experience and skills. Overview EagleBank is committed to...SuggestedWork at officeLocal areaRemote work- Veritas Partners is seeking a Fraud Manager to oversee operations in fraud investigations and enhance anti-fraud measures. This role involves managing a team, conducting fraud risk assessments, and collaborating with regulatory agencies. Ideal candidates will have 8+ years...
- ...Modernization at U.S. Army Base/Post/Camp/Station (B/P/C/S) across the Continental United States (CONUS). We have an opening for a Project Risk Manager primarily responsible for supporting COMPMOD operations teams and leadership to evaluate and mitigate financial and performance...Contract workWork at officeWorldwide
- Capital One is hiring a Manager, SRE Risk Advisory and Oversight to lead technical oversight over software engineering and SRE practices. This role involves conducting risk analyses on cloud implementations and collaborating with leadership to develop strategic recommendations...
$151.9k - $173.4k
Information Technology Senior Management Forum is looking for a Manager in Risk Advisory for Enterprise Payments in McLean, VA. You will oversee the risk management activities and ensure effective communication across teams. With at least 3 years of relevant experience...- Risk Manager Capital One’s Enterprise Risk Management (ERM) Team has responsibility for helping the overall organization identify, manage, and mitigate key risks that may keep the company from achieving its strategic objectives. The Corporate Policy Office (CPO) is a dedicated...Work at officeLocal area
$114.07k - $192.8k
EagleBank is searching for an Operational Risk Manager to drive the Operational Risk Management framework. This hybrid position is based in Bethesda, Maryland. The successful candidate will lead governance, analytics, and reporting for operational risks. Candidates should...- TPRM Risk Manager Capital One is seeking an experienced and self-motivated Manager to join our Third Party Risk Management team, within the second line of defence. The TPRM team is a dedicated group of professionals whose mission is to provide value-add, independent stewardship...
$100k - $120k
...The Risk and Insurance Manager is responsible for supporting the administration, implementation, and ongoing management of the Company’s risk management, insurance, safety, and claims programs. This role focuses on identifying, evaluating, and mitigating risk exposures...Full timeFor contractorsWork at officeLocal areaMonday to FridayShift workWeekend workEarly shift- Capital One is seeking a Senior Risk Manager for their Card Risk Team in McLean, VA. The successful candidate will lead risk management initiatives, working collaboratively across teams to identify and mitigate potential risks associated with technology and AI. This role...
- Eagle Bancorp, Inc. is seeking an Operational Risk Manager located in Bethesda, MD to oversee effective risk management practices. This role supports the governance of the operational risk management program and collaborates with business lines to enhance identification...
- Ernst & Young Advisory Services Sdn Bhd in McLean is looking for a Manager in Tech Risk. You'll be pivotal in delivering high-quality IT audit services for U.S. federal agencies, ensuring compliance and security in critical sectors such as defense and healthcare. Ideal...
$126k - $190k
Freddie Mac is looking for an experienced professional for an operational risk management role in McLean, Virginia. The successful candidate will manage critical SFA operational risk and collaborate with various internal partners. With over 8 years of experience in operational...- Calvert Impact, Inc. is seeking a full-time professional in Bethesda, MD to support risk management efforts. Responsibilities include evaluating loan and investment proposals, preparing risk analyses, and contributing to portfolio reviews. The ideal candidate will possess...Full time
$177.7k - $202.8k
Capital One seeks a Senior Risk Manager for platform development in McLean, VA. You will lead risk initiatives and collaborate across teams to mitigate risks in a dynamic environment. The ideal candidate should have a strong background in risk management, project management...$126k - $190k
...environment? Do you have extensive experience with operational risk, strong analytical and interpersonal skills, and knowledge of the... .... This individual will work in conjunction with SFA Risk Management business leaders to optimally handle the division's operational...Work at office- Capital One is seeking a Manager for Brex Business Risk in McLean, VA. In this role, you will oversee the integration efforts of a large scale merger, drive alignment across lines of business, and manage complex workstreams while mitigating risks. The ideal candidate will...
- A federal consulting firm is seeking an experienced IT Advisory Manager to lead IT risk and controls assessments for federal agencies. The ideal candidate will have extensive experience in information security and IT audits, focusing on identifying weaknesses and developing...
- A global consulting firm is seeking a Manager in Risk Technology, based in McLean, Virginia. The role requires expertise in implementing ServiceNow solutions and leading projects focused on risk management. Candidates should possess strong project management skills and...Flexible hours
$96.5k - $110.1k
Card Vertical Risk Manager, Card Ability to Pay and Credit Bureau Data - Senior Associate The Card Vertical Risk Manager (VRM) role will support Card leadership in the primary areas of Ability to Pay and Credit Bureau Data. The Card Risk role supports senior leadership...Work at officeLocal area$111.6k - $204.7k
...federal agencies addressing issues in performance improvement, program effectiveness, audit and audit readiness, financial management, and Technology Risk. The EY GPS practice focuses across disciplines with defense and national security, civilian, health, and international...For contractorsSummer holidayWork at officeFlexible hours$138.1k - $315.6k
...wherever you want it to go. Join EY and help to build a better working world. EY - Life Sciences Regulatory Submissions - Senior Manager National Risk - Enterprise Risk - Reg Comp - Life Sciences - Reg Submissions - Senior Manager Our clients operate in a world where...Summer holidayFlexible hours- Information Technology Senior Management Forum is looking for a Senior Associate Product Manager in McLean, VA. The role involves owning product strategy and execution, focusing on transaction fraud solutions. You'll collaborate with cross-functional teams and lead product...
- By Light Professional IT Services in McLean, VA is seeking a Project Risk Manager to support the US Army Comprehensive Modernization program. The ideal candidate will evaluate and mitigate financial and performance risks. Requirements include a Bachelor’s Degree, 5+ years...Work at office
$96.5k - $110.1k
The Card Vertical Risk Manager (VRM) role supports Card leadership in Ability to Pay and Credit Bureau Data, functioning as a key partner in executing high‑visibility risk management activities across multiple lines of defense. These activities include product and process...Full timePart timeWork at officeLocal area$96k - $144k
Freddie Mac is seeking a motivated individual to support risk management practices in McLean, VA. This hybrid position requires a Bachelor's Degree along with 5+ years of related business experience. The role involves collaborating with partners to document technology needs...
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Risk Manager. Be the first to apply!

