What are the responsibilities and job description for the Internal Risk Program Manager position at take2it?
Summary
Take2 is seeking an Internal Risk Program Manager to support our federal client located in Silver Spring, MD, in a hybrid environment. This role is critical to the strategic maturation of the office, moving beyond simple policy drafting to provide holistic program leadership. Candidates must have expert knowledge of federal insider threat mandates and be highly motivated with experience in program design, a proactive approach to identifying compliance gaps, and the ability to execute complex change management without day-to-day direction.
Essential Functions
- Serving as the primary strategic advisor to the IRO Director, translating federal mandates including Executive Order 13587 and the National Insider Threat Policy into actionable agency roadmaps and maturation strategies.
- Conducting comprehensive gap analyses of the current Insider Threat Program against federal minimum standards and recommending immediate remediation strategies to move from reactive monitoring to proactive risk mitigation.
- Designing and implementing cross-functional workflows that facilitate compliant data sharing between Human Capital, Security, and Legal stakeholders to operationalize risk management.
- Drafting, reviewing, and updating internal agency policies to ensure strict alignment with NISPOM (32 CFR Part 117) and OMB Circular A-130.
- Acting as the functional bridge between IRO and Cybersecurity directorates to ensure policies integrate with EO 14028 regarding Identity Management and Zero Trust principles.
- Advising on the strategic implications of technical controls such as User Activity Monitoring (UAM) and Data Loss Prevention (DLP) to ensure technical tools support broad program intent.
- Authoring Standard Operating Procedures (SOPs) that govern the handling of insider risk indicators while ensuring legal and privacy compliance.
- Producing high-level risk assessments and briefing decks for senior agency executives, translating complex risk data into clear business decision points.
- Monitoring changes in federal legislation and proactively recommending strategic program pivots to leadership without day-to-day direction.
- Understanding organizational policies and procedures to ensure the accuracy of solutions and deliverables provided to the client.
- Demonstrating a commitment to quality and customer support.
Required Education & Training
- Bachelor’s degree
Minimum Experience & Skills Required
- Eight or more years of experience
- Must have the ability to obtain the client’s Public Trust clearance
- Excellent written and verbal communication skills
- A highly motivated self-starter
- Must be motivated and have excellent customer service skills
Desired But Not Required Qualifications
- CDSE Insider Threat Program Manager (ITPM) certification
- Certified Information Systems Security Professional (CISSP) or CISM certification
- Counter-Insider Threat Certified Professional (CCITP) certification
- Expert-level knowledge of the National Insider Threat Policy, EO 13587, and NISPOM
- Proven ability to take a program from "policy on paper" to "fully operational," including defining workflows and success metrics
- Ability to speak the language of the CIO/CISO and understanding of UAM, DLP, SIEM logs, and Zero Trust Architecture
- The ability to walk into an ambiguous environment, identify what needs to be done, and do it without a task list