Demo

Risk Manager

Customer Value Partners
Customer Value Partners Salary
Rockville, MD Full Time
POSTED ON 6/5/2026
AVAILABLE BEFORE 6/5/2027

Overview

CVP is seeking an Cybersecurity Risk Manager for a large government agency enterprise-level cybersecurity program. The Cybersecurity Risk Manager will work directly with the Cybersecurity Program Manager and the agency’s CIO and CISO in cybersecurity tasks such as information security policy development and implementation; security compliance monitoring; security audit management; risk assessment; system authorization; security reporting; and other information security-related tasks.

 

Responsibilities

  • Identify, evaluate, and develop strategies for handling risks to reduce information security and privacy risk across the agency.
  • Provide recommendations, guidance, planning, and implementation support for agency risk management activities and tools, and provide support as needed to enhance the agency’s Information Security Program related to governance, optimizations, automation, and supporting tools.
  • Developing an agency Information Security Risk Management Strategy in accordance with the latest released versions of NIST Special Publications (SPs) such as SP 800-37, Risk Management Framework for Information Systems and Organizations and SP 800-39, Managing Information Security Risk (as revised).
  • Conducting an enterprise risk assessment and developing an agency Information Security Risk Assessment Report that addresses all findings from the assessment
  • Developing an agency Privacy and Security Roadmap that recommends privacy and information security capabilities based on risks identified in the agency’s Information Security Risk Assessment Report
  • Developing an agency Information Security Risk Management Plan that addresses how the agency will implement and perform risk management activities regarding risk tolerance, risk assessment, risk response, risk monitoring, and risk capabilities
  • Providing risk management guidance to the agency offices for A&A activities as required, ensuring continuous risk monitoring of information security control implementation effectiveness and required information security compliance requirements
  • Support the Information Security and Assurance Office (ISAO) in implementing and overseeing the organization’s information security risk management and security assessment and authorization (A&A) activities.
  • Advise the agency on how best to tailor the revised A&A process to handle non-traditional technologies including, but not limited to, cloud, mobile, and Internet of Things.
  • Provide the agency recommendations on how it can continuously monitor and assess the security posture of agency information systems over time and alert agency decision makers when an information system presents an increased risk or eminent threat to agency data and/or operations.
  • Develop guidance, templates, other tools, and advice to the program offices to support their risk management and ATO activities.
  • Provide risk management and information security continuous monitoring program implementation recommendations to program offices
  • Track and review Plans of Actions and Milestones (POA&Ms) agency-wide to identify areas of risk as a result of unimplemented POA&Ms, a buildup of risk-based decisions, or other cross-cutting issues observed as a result of its risk management support.
  • Track the A&A status for all divisions and programs that have information systems to validate they meet the requirements to protect the agency’s data and operations.
  • Develop the required artifacts to complete security accreditation packages for OCIO information systems and perform any required assessments, as requested. The Contractor shall provide oversight and advisory support to agency program office personnel for completion of information system A&A packages, as requested.
  • Follow NIST Federal Information Processing Standards (FIPS) and Special Publications (SPs) to include, but not limited to, FIPS 199 and 200, SP 800-39, SP 800-37, SP 800-137, SP 800-60, SP 800-53, SP 800-53A, SP 800-34, SP 800-30, and SP 800-18. The Contractor shall comply with all agency IT security and Privacy policies and standards including, and the agency Privacy Impact Assessment (PIA) requirements and associated templates.

Qualifications

  • Minimum of six years’ experience in cybersecurity. 10 years’ experience is preferred.
  • Minimum of six years' experience leading and delivering in FISMA-based and FedRAMP Assessment and Authorization (A&A) programs for comparably sized federal agencies and programs. Seven plus years’ experience is preferred.
  • Shall have at least one of the following industry-recognized certifications:
    • Certified Information System Security Professional (CISSP)
    • Certified Information Systems Auditor (CISA)
    • Certified Information Security Manager (CISM)
    • Certified in Risk and Information Systems Control (CRISC)
  • Familiarity with Information Technology Infrastructure Library (ITIL) Foundation Compliance (GRC) tool, continuous monitoring, and vulnerability management tools or services. Note: NIH currently uses CSAM.
  • Demonstrated experience managing cybersecurity teams including personnel, workload, priorities, scheduling, and risks.
  • Proven experience bringing innovative approaches to help reduce the FISMA workload and time to authorization/reauthorization through such methods as boundary consolidation, common control identification and re-use, automation, assessment readiness reviews, and digital transformation.

Desired Skills

  • PMP Certification
  • CISSP Certification
  • Experience with Security Assessment Tools (Tenable Nessus, DBProtect, Wireshark, WebInspect)
  • NIH/HHS experience

Location

  • Rockville, MD (Hybrid)

Salary Band: $155-165k (Depending on experience)

 

About CVP

 

CVP is an award-winning healthcare and next-gen technology and consulting services firm solving critical problems for healthcare, national security, and public sector clients. We help organizations achieve lasting transformation.CVP is an Equal Opportunity Employer dedicated to actively recruiting individuals and providing advancement opportunities based on merit and legitimate job qualifications. We ensure that all associates receive equal opportunities based on their personal qualifications and job requirements. CVP strictly prohibits any form of discrimination or harassment.At CVP, we cultivate a work environment that encourages fairness, teamwork, and respect among all associated. We are committed to maintaining a workplace where everyone can grow both personally and professionally.

 

Salary : $155 - $165

If your compensation planning software is too rigid to deploy winning incentive strategies, it’s time to find an adaptable solution. Compensation Planning
Enhance your organization's compensation strategy with salary data sets that HR and team managers can use to pay your staff right. Surveys & Data Sets

What is the career path for a Risk Manager?

Sign up to receive alerts about other jobs on the Risk Manager career path by checking the boxes next to the positions that interest you.
Income Estimation: 
$122,325 - $159,127
Income Estimation: 
$131,676 - $196,560
Income Estimation: 
$176,392 - $248,211
Income Estimation: 
$163,962 - $219,201
Income Estimation: 
$122,325 - $159,127
Income Estimation: 
$131,676 - $196,560
Income Estimation: 
$176,392 - $248,211
Income Estimation: 
$163,962 - $219,201
Employees: Get a Salary Increase
View Core, Job Family, and Industry Job Skills and Competency Data for more than 15,000 Job Titles Skills Library

Job openings at Customer Value Partners

Program Manager - Healthcare Transformation
Apply
  • Customer Value Partners Washington, DC
  • Overview CVP seeks a highly motivated and organized Program Manager to lead large-scale healthcare transformation programs enhancing care delivery for Vete... more
  • 1 Day Ago
Credentialing Coordinator (Entry Level)
Apply
  • Customer Value Partners Washington, DC
  • Overview CVP is seeking a motivated and detail-oriented Credentialing Coordinator to support onboarding and security processing activities for employees su... more
  • 1 Day Ago
Registered Nurse - Med/Surg
Apply
  • Customer Value Partners Fort Thomas, KY
  • Overview CVP is seeking Registered Nurses to join our team in providing our Nation's Veterans with Medical/Surgical care services at the Cincinnati VA Medi... more
  • 1 Day Ago
Technical Team Lead
Apply
  • Customer Value Partners Rockville, MD
  • Overview CVP seeks a Technical Team Lead to build solutions that embrace the culture of Agile and DevSecOps techniques. Our innovative processes and tech s... more
  • 1 Day Ago
View More Jobs at Customer Value Partners

Not the job you're looking for? Here are some other Risk Manager jobs in the Rockville, MD area that may be a better fit.

Commercial Lines Account Manager
Apply
  • Risk Strategies Bethesda, MD
  • The Account Manager's main responsibility is to manage daily client service needs for a designated book of business, which may be overseen by a Producer or... more
  • 14 Days Ago
Employee Benefits Account Manager (Bilingual Preferred)
Apply
  • Risk Strategies Company Bethesda, MD
  • The Mid-Market Account Manager is responsible for managing an assigned book of business while developing long term relationships with clients. This positio... more
  • 24 Days Ago
View More Jobs

AI Assistant is available now!

Feel free to start your new journey!