What are the responsibilities and job description for the Project Manager/Lead Risk Assessment Manager position at Chameleon Integrated Services?
We are a growing information technology company that offers its employees a culture of success, the chance to work on revolutionary federal IT infrastructure, and the opportunity to grow alongside cutting-edge technology that is reshaping the industry. We are seeking forward thinking candidates that have strong experience in operational support and can help take to the next level in a pro-active stance.
Chameleon Integrated Services has expertise in operations management, quality systems, data operations and cybersecurity. We secure some of the most sensitive data for the Department of Defense and for other U.S. federal government agencies. We are known for the great care we take with clients and employees, and we believe in promoting from within.
We offer a Full Benefits package including:
- Competitive Employee Health Insurance options including dental
- 100% company paid vision plan
- 401K plan with generous company match and no vesting period
- 100% company paid life insurance
- 100% company paid long and short-term disability insurance
- Training allowance
- PTO and more
The Position:
Chameleon Integrated Services is currently looking for a Project Manager/Lead Risk Assessment Manager to support one of our state level client in Jefferson City, MO.
This is a hybrid role that requires you to live within 50 miles of Jefferson City, MO.
Overview:
The Project Manager/Lead Risk Assessment Manager will be responsible for leading planning, coordination, and the delivery of the State of Missouri’s enterprise IT security risk assessment program for the MO HealthNet Division (MHD). This role directs the full lifecycle of security risk assessments for mission-critical systems, including MMIS, BIS-EDW, PI, BSPC, EVV, and CMSP. The Project Manager serves as the primary point of coordination between MHD, ITSD, and vendor stakeholders, driving the timely completion of all assessment phases and developing actionable risk mitigation plans.
Responsibilities:
- Develop and maintain an integrated project work plan and Work Breakdown Structure (WBS) aligned with NIST SP 800-30 and ISO/IEC 27005 methodologies, incorporating milestones, deliverables, and resource assignments.
- Oversee multi-vendor coordination (e.g., IBM Watson, Wipro, Conduent, AHS, Sandata) to align assessment schedules, data requests, and technical dependencies across all participating systems.
- Conduct weekly coordination meetings, maintain and update RAID (Risks, Assumptions, Issues, Dependencies) logs, and publish detailed status reports to MHD and ITSD PMOs.
- Facilitate integration with State Security Officers, HIPAA Compliance Teams, and Executive Steering Committees, providing data-driven updates and recommendations.
- Verify all risk assessment outputs for conformance with HIPAA Security Rule, CMS MARS-E, and Missouri ITSD security policy requirements.
- Review and validate risk findings; develop prioritization matrices and remediation strategies based on likelihood and impact analysis.
- Compile and deliver formal risk reports summarizing vulnerabilities, residual risk, and recommended mitigations for executive review.
- Track all deliverables, approvals, and dependencies in the state’s designated project tracking systems to maintain audit readiness and transparency.
- Support preparation and presentation of findings to CMS or third-party auditors, as required under federal oversight.
Skills & Abilities:
- Comprehensive understanding of NIST SP 800-30, NIST SP 800-37 RMF, ISO/IEC 27005, and HIPAA/HITECH frameworks.
- Familiarity with FedRAMP, Azure Government, and AWS GovCloud security control baselines.
- Proficient in developing risk registers, assessment reports, and POA&M tracking for systems containing Protected Health Information (PHI) and Personally Identifiable Information (PII).
- Understanding of AI Risk Management Framework (AI RMF) and its application to analytical systems supporting Medicaid operations.
- Demonstrated capability to manage multi-vendor, multi-agency engagements involving complex data sharing and regulatory oversight.
- Skilled communicator with the ability to produce concise executive summaries, dashboards, and formal risk documentation for senior leadership.
- Exceptional organization and time management; capable of meeting rigid reporting cycles and maintaining accountability across parallel projects.
- Strong analytical judgment to reconcile technical findings with mission, compliance, and operational risk tolerances
- Bachelor’s degree in Information Systems, Cybersecurity, Computer Science, or a closely related discipline.
- Minimum 8 years of progressive IT project management experience.
- Minimum 4 years leading cybersecurity or risk assessment initiatives for state, federal, or healthcare entities.
- Minimum 4 years of experience supporting MMIS or equivalent Medicaid-related systems (e.g., system modernization, implementation, or security compliance).
- Required: Project Management Professional (PMP) or equivalent (active or in progress).
- Preferred: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC).
The Location: Jefferson City, MO (hybrid)
“We are an equal opportunity employer and all Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status”