Manager, Cyber Security

This role is contingent upon a contract award.

ICF is seeking an experienced Cybersecurity Manager to lead cybersecurity governance risk management compliance coordination and security integration for a complex federal technology services program. This role will be responsible for ensuring cybersecurity requirements are addressed across systems applications integrations cloud services product delivery and operational support functions.

The ideal candidate has demonstrated experience supporting federal cybersecurity programs that require RMF alignment assessment documentation POA&M management contingency planning vulnerability coordination cybersecurity reporting and integration with engineering and product delivery teams. This role requires strong knowledge of federal cybersecurity requirements practical risk management judgment and the ability to coordinate across technical program operations assessor and client stakeholder groups.

Job Location: This position is remote within the United States.

Please note that ICF monitors employee work locations restricts access from foreign locations and IP addresses and prohibits the use of personal VPN connections.

What Youll Be Doing

• Lead cybersecurity governance and RMF coordination across a complex federal technology services environment.
• Develop maintain and coordinate cybersecurity assessment documentation including FIPS 199 analyses E-Authentication Risk Assessments security control implementation statements and supporting control artifacts.
• Support system teams product teams security assessors and client stakeholders in preparing and maintaining cybersecurity evidence and compliance documentation.
• Evaluate cybersecurity risks associated with new capabilities including applications integrations plug-ins software tools system connections and platform changes.
• Track system security deficiencies remediation activities and Plans of Action and Milestones through closure.
• Lead or support development maintenance and testing of contingency plans for systems and services within program scope.
• Develop and maintain cybersecurity governance standard operating procedures workflows templates and reporting mechanisms.
• Coordinate cybersecurity inputs into engineering product delivery architecture DevSecOps cloud data and service operations activities.
• Support vulnerability management incident response coordination risk reviews control evidence collection and security-related data calls.
• Partner with service operations identity device network platform and application teams to ensure cybersecurity responsibilities are clear and evidence is maintained.
• Monitor cybersecurity risks issues dependencies and compliance gaps and escalate items requiring leadership attention.
• Translate cybersecurity requirements and risks into practical guidance for technical teams program leadership and client stakeholders.

What You Must Have

• Bachelors Degree
• U.S. Citizenship required due to federal contract requirements.
• Must be able to obtain and maintain a Federal Public Trust clearance.
• 10 years of experience supporting cybersecurity information assurance security governance risk management compliance or RMF activities in federal or regulated environments.
• Active CISSP CISM CAP Security GSEC or equivalent cybersecurity certification.

Preferred Qualifications

• 7 years of experience supporting federal cybersecurity requirements including FISMA NIST 800-53 RMF POA&M management system assessment or authorization activities.
• 5 years of experience developing or maintaining cybersecurity assessment documentation control implementation statements security plans contingency plans risk assessments or security artifacts.
• 5 years of experience coordinating with system owners security assessors engineering teams product teams operations teams or federal cybersecurity stakeholders.
• 5 years of experience supporting vulnerability management incident response coordination remediation tracking control evidence collection or cybersecurity reporting.
• 3 years of experience evaluating cybersecurity risks for new technologies applications integrations SaaS platforms cloud services or system connections.
• 3 years of experience supporting cybersecurity governance for cloud SaaS application modernization DevSecOps data or enterprise platform environments.
• Experience supporting HHS NIH FDA CMS CDC or other health-focused federal environments.
• Experience with Zero Trust identity and access management endpoint security secure cloud architecture secure SaaS governance TIC 3.0 or continuous monitoring.
• Experience integrating cybersecurity requirements into Agile DevSecOps CI/CD product delivery and application modernization workflows.
• Experience supporting ATO packages security assessment activities security control validation audit responses and independent verification or validation reviews.
• Experience with cybersecurity tools and repositories used for POA&M tracking vulnerability management audit evidence incident coordination SIEM/SOAR or continuous monitoring.
• Experience aligning cybersecurity activities with NIST 800-53 Rev. 5 NIST 800-37 NIST 800-61 NIST 800-34 FedRAMP FISMA CISA guidance or HHS security policy.
• Experience developing cybersecurity dashboards executive risk reporting compliance scorecards and metrics-based security governance materials.
• Additional cybersecurity cloud security Agile ITIL AWS Azure Google Cloud or project management certification.

Working at ICF

Pay Range - There are multiple factors that are considered in determining final pay for a position including but not limited to relevant work experience skills certifications and competencies that align to the specified role geographic location education and certifications as well as contract provisions regarding labor categories that are specific to the position.

The pay range for this position based on full-time employment is: