Cyber Security Lead (Health IT)

We are seeking a Cyber Security Lead to support enterprise IT initiatives in a regulated environment where security, privacy, risk management, and standards compliance are central to planning and execution. This role operates across multiple programs and governance processes and helps ensure that modernization, access, and shared services efforts are carried out with appropriate security discipline and control.

This individual will provide security and compliance expertise across strategy, governance, architecture, and delivery activities. The role is intended for someone who can work with leadership, program teams, architects, and operational stakeholders to identify security risks early, support sound decisions, and strengthen compliance posture across enterprise initiatives.

Job Location
Hybrid, with periodic onsite support as needed in Baltimore, Maryland.

What You'll Be Doing
• Provide cybersecurity and privacy subject matter expertise across enterprise IT initiatives, governance activities, and modernization efforts
• Support identification, analysis, and tracking of security and compliance risks across programs, products, and operational activities
• Advise on enterprise identity, access, authorization, and control considerations for new and existing initiatives
• Contribute to governance reviews, technical assessments, recommendations, and decision support related to cybersecurity and compliance
• Support alignment of program activities with federal security, privacy, and risk management expectations
• Participate in development of roadmaps, reports, briefings, and other artifacts that require security or compliance input
• Coordinate with program, architecture, governance, and operational teams to ensure security considerations are integrated into planning and oversight
• Help strengthen continuous improvement in compliance posture, risk visibility, and security decision-making

What You Must Have
• Bachelor's degree in cybersecurity, computer science, information technology, engineering, or a related field, and 5+ years of relevant professional experience
• CISSP, CISM, CAP, or equivalent certification
• 8+ years of experience in federal cybersecurity, enterprise security, security compliance, or risk management roles
• 8+ years of experience applying federal security standards or frameworks, including FISMA, NIST, FICAM or comparable requirements

Preferred Qualifications
• Master's degree in cybersecurity, computer science, information technology, or a related field

• 5+ years of experience supporting security risk identification, risk analysis, mitigation planning, or risk register management for enterprise IT initiatives
• 5+ years of experience supporting identity, access management, authorization controls, credentials, or related security functions
• 5+ years of experience supporting security reviews, compliance assessments, ATO, SA&A, or equivalent authorization and accreditation processes
• 5+ years of experience advising program, architecture, governance, or operational teams on cybersecurity and compliance matters
• 2+ years of experience producing security-related reports, recommendations, decision papers, or executive briefing materials
• 2+ years of experience supporting governance boards, review forums, or decision processes where cybersecurity or privacy risks were a factor
• 2+ years of experience using enterprise collaboration and tracking tools such as SharePoint, Confluence, JIRA, or M365 in support of security or compliance activities
• 2+ years of experience supporting identity modernization, shared services, or enterprise platform security initiatives
• 2+ years of experience supporting health IT, public sector modernization, or large regulated enterprise environments
• 2+ years experience supporting privacy reviews, continuous monitoring, or enterprise risk management functions

Working at ICF
ICF is a global advisory and technology services provider, but we're not your typical consultants. We combine unmatched expertise with cutting-edge technology to help clients solve their most complex challenges, navigate change, and shape the future.

We can only solve the world's toughest challenges by building a workplace that allows everyone to thrive. We are an equal opportunity employer. Together, our employees are empowered to share their expertise and collaborate with others to achieve personal and professional goals. For more information, please read our EEO policy.

We will consider for employment qualified applicants with arrest and conviction records.

Reasonable Accommodations are available, including, but not limited to, for disabled veterans, individuals with disabilities, and individuals with sincerely held religious beliefs, in all phases of the application and employment process. To request an accommodation, please email View email address on click.appcast.io and we will be happy to assist. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations.


Read more about workplace discrimination rights or our benefit offerings which are included in the Transparency in (Benefits) Coverage Act.


Candidate AI Usage Policy

At ICF, we are committed to ensuring a fair interview process for all candidates based on their own skills and knowledge. As part of this commitment, the use of artificial intelligence (AI) tools to generate or assist with responses during interviews (whether in-person or virtual) is not permitted. This policy is in place to maintain the integrity and authenticity of the interview process.


However, we understand that some candidates may require accommodation that involves the use of AI. If such an accommodation is needed, candidates are instructed to contact us in advance at View email address on click.appcast.io. We are dedicated to providing the necessary support to ensure that all candidates have an equal opportunity to succeed.


Pay Range - There are multiple factors that are considered in determining final pay for a position, including, but not limited to, relevant work experience, skills, certifications and competencies that align to the specified role, geographic location, education and certifications as well as contract provisions regarding labor categories that are specific to the position.


The pay range for this position based on full-time employment is:
$108,476.00 - $184,409.00

Maryland Client Office (MD88)