
Security Engineer
Cayuse Holdings
full-time
Location Type: Hybrid
Location: Austin • Texas • United States
Salary
💰 $110,316 - $155,563 per year
About the role
- Lead end-to-end System Security & Privacy Plan (SSP/SSPP) development, maintenance, and updates for enterprise systems.
- Drive remediation activities through POA&M management, ensuring timely closure of compliance gaps.
- Translate penetration testing and vulnerability findings into actionable remediation work items (EPICs/user stories).
- Coordinate with application, infrastructure, and security teams to validate remediation through re-testing and evidence.
- Oversee risk-based vulnerability management, including prioritization and SLA-driven remediation.
- Provide governance oversight for endpoint protection, web application security, and cloud security controls.
- Produce assessor-ready documentation, including configurations, monitoring evidence, approvals, and incident traceability.
- Support continuous audit readiness and reduce repeat findings through disciplined governance and documentation practices.
- Other duties as assigned.
Requirements
- 12 years of experience with Governance, Risk, and Compliance (GRC), Enterprise Security and Security Architecture, Vulnerability Management and Penetration Testing, Cloud Security and hybrid environments.
- 10 years of proven experience owning SSP development end-to-end.
- 10 years of hands-on experience with CMS MARS-E v2.2 or comparable federal/state security frameworks.
- 10 years of strong expertise in: control implementation documentation; audit evidence collection and validation; POA&M creation, tracking, and remediation management.
- 8 years of experience with the ability to translate technical security issues into compliance-aligned remediation actions.
- 8 years of experience as a strong stakeholder with management skills across security, infrastructure, and application teams.
- 8 years of excellent written and verbal communication skills.
- 8 years of knowledge of NIST 800-53, NIST RMF, and privacy controls.
- 8 years of knowledge of Secure SDLC and DevSecOps practices.
- Must be able to pass a background check.
- May require additional background checks as required by projects and/or clients at any time during employment.
- Exceptional interpersonal skills with the ability to communicate in a clear, professional, and articulate manner.
- Exceptional verbal and written communication skills.
- Possesses effective presentation skills.
- Excellent organizational, analytical, and problem-solving skills with high-level attention to detail.
- Proven ability to multitask and prioritize in a fast-paced environment with changing priorities; adaptable to change and a quick learner.
- Must be self-motivated and able to work well independently as well as on a multi-functional team.
- Ability to handle sensitive and confidential information appropriately.
- Proficient in MS Office, Word, Outlook, PowerPoint, and Excel.
Benefits
- Medical, Dental and Vision Insurance
- Wellness Program
- Flexible Spending Accounts (Healthcare, Dependent Care, Commuter)
- Short-Term and Long-Term Disability options
- Basic Life and AD&D Insurance (Company Provided)
- Voluntary Life and AD&D options
- 401(k) Retirement Savings Plan with matching after one year
- Paid Time Off
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
Governance, Risk, and Compliance (GRC); Enterprise Security; Security Architecture; Vulnerability Management; Penetration Testing; Cloud Security; Control implementation documentation; Audit evidence collection; POA&M management; Secure SDLC
Soft Skills
stakeholder management; written communication; verbal communication; presentation skills; organizational skills; analytical skills; problem-solving skills; multitasking; adaptability; self-motivation