We use cookies. Find out more about it here. By continuing to browse this site you are agreeing to our use of cookies.
#alert
Back to search results
New

Senior Security Risk Management SME

ANALYGENCE
United States, D.C., Washington
Jul 05, 2026
Tharros is seeking a Senior Security Risk Management SME to support a DHS Intelligence and Analysis cybersecurity program in the National Capital Region.

This role will support enterprise cybersecurity risk management, Assessment and Authorization, continuous monitoring, FISMA compliance, secure cloud and hybrid engineering, and risk-based decision support across a complex mission environment. The ideal candidate can help translate security data, authorization evidence, vulnerabilities, POA&M status, and compliance requirements into clear risk insights and actionable remediation priorities.
Responsibilities:
  • Support enterprise cybersecurity risk management across classified and unclassified mission environments.
  • Lead or support Assessment and Authorization activities for Federal information systems.
  • Support security control assessments aligned to NIST, CNSSI, Intelligence Community, and Federal cybersecurity requirements.
  • Review and validate security artifacts, including System Security Plans, Security Assessment Plans, Security Assessment Reports, POA&Ms, and authorization evidence.
  • Support POA&M development, validation, remediation tracking, closure, and reporting.
  • Collaborate with system owners, ISSOs, developers, engineers, assessors, and other stakeholders to address findings and strengthen security posture.
  • Provide risk mitigation recommendations for assigned systems, networks, applications, and environments.
  • Support continuous monitoring activities that maintain system security posture over time.
  • Help improve and automate A&A, continuous monitoring, evidence management, and risk reporting processes.
  • Support quality reviews and process improvements for authorization documentation and security control implementation.
  • Translate complex security, compliance, and technical data into leadership-ready risk insights, dashboards, briefings, and remediation recommendations.
  • Support risk management activities across cloud, hybrid, cross-domain, and secure mission environments.
  • Active TS/SCI
  • 10+ years of related cybersecurity risk management experience.
  • At least 2 years of recent experience in each of the following areas: A&A, FISMA compliance, IC cybersecurity policy and standards, continuous monitoring, CDS, and secure cloud and hybrid engineering.
  • Experience with emerging and evolving security risk management practices, including automation of A&A and continuous monitoring activities.
  • Experience applying NIST 800 series, CNSSI 1253, security controls, and RMF principles.
  • CISM, CAP, or GRC certification, or comparable demonstrable experience.
  • Experience developing, reviewing, or supporting authorization artifacts such as SSPs, SAPs, SARs, POA&Ms, risk assessments, control implementation evidence, and continuous monitoring reports.
  • Strong written and verbal communication skills, including the ability to explain risk, compliance status, and remediation needs clearly.
  • Ability to work onsite at a Government-approved location as required.


Preferred Qualifications:


  • Prior DHS, Intelligence Community, DoD, CISO office, ISSM, AO, SCA, or national security cybersecurity risk management experience.
  • Experience with enterprise RMF/A&A portfolios, ConMon automation, ATO/ATC readiness, POA&M quality, risk dashboards, GRC workflows, and evidence automation.
  • Experience with AWS, Microsoft Azure, Microsoft 365, or other cloud platforms.
  • Experience supporting classified, hybrid cloud, cross-domain, TS/SCI, or secure mission environments.
  • Experience turning vulnerability, threat, audit, compliance, system criticality, and continuous monitoring data into decision-ready risk insights.
Applied = 0

(web-77cf7d65c7-rcc7h)