Remote Risk Management Jobs in McLean, VA (NOW HIRING)

This role is contingent upon a contract award.

ICF is seeking an experienced Cybersecurity Manager to lead cybersecurity governance, risk management, compliance coordination, and security integration for a complex federal technology services program. This role will be responsible for ensuring cybersecurity requirements are addressed across systems, applications, integrations, cloud services, product delivery, and operational support functions.

The ideal candidate has demonstrated experience supporting federal cybersecurity programs that require RMF alignment, assessment documentation, POA&M management, contingency planning, vulnerability coordination, cybersecurity reporting, and integration with engineering and product delivery teams. This role requires strong knowledge of federal cybersecurity requirements, practical risk management judgment, and the ability to coordinate across technical, program, operations, assessor, and client stakeholder groups.

Job Location: This position is remote within the United States.

Please note that ICF monitors employee work locations, restricts access from foreign locations and IP addresses, and prohibits the use of personal VPN connections.

• Lead cybersecurity governance and RMF coordination across a complex federal technology services environment.
• Develop, maintain, and coordinate cybersecurity assessment documentation, including FIPS 199 analyses, E-Authentication Risk Assessments, security control implementation statements, and supporting control artifacts.
• Support system teams, product teams, security assessors, and client stakeholders in preparing and maintaining cybersecurity evidence and compliance documentation.
• Evaluate cybersecurity risks associated with new capabilities, including applications, integrations, plug-ins, software tools, system connections, and platform changes.
• Track system security deficiencies, remediation activities, and Plans of Action and Milestones through closure.
• Lead or support development, maintenance, and testing of contingency plans for systems and services within program scope.
• Develop and maintain cybersecurity governance standard operating procedures, workflows, templates, and reporting mechanisms.
• Coordinate cybersecurity inputs into engineering, product delivery, architecture, DevSecOps, cloud, data, and service operations activities.
• Support vulnerability management, incident response coordination, risk reviews, control evidence collection, and security-related data calls.
• Partner with service operations, identity, device, network, platform, and application teams to ensure cybersecurity responsibilities are clear and evidence is maintained.
• Monitor cybersecurity risks, issues, dependencies, and compliance gaps, and escalate items requiring leadership attention.
• Translate cybersecurity requirements and risks into practical guidance for technical teams, program leadership, and client stakeholders.

• Bachelor's Degree
• U.S. Citizenship required due to federal contract requirements.
• Must be able to obtain and maintain a Federal Public Trust clearance.
• 10+ years of experience supporting cybersecurity, information assurance, security governance, risk management, compliance, or RMF activities in federal or regulated environments.
• Active CISSP, CISM, CAP, Security+, GSEC, or equivalent cybersecurity certification.

• 7+ years of experience supporting federal cybersecurity requirements, including FISMA, NIST 800-53, RMF, POA&M management, system assessment, or authorization activities.
• 5+ years of experience developing or maintaining cybersecurity assessment documentation, control implementation statements, security plans, contingency plans, risk assessments, or security artifacts.
• 5+ years of experience coordinating with system owners, security assessors, engineering teams, product teams, operations teams, or federal cybersecurity stakeholders.
• 5+ years of experience supporting vulnerability management, incident response coordination, remediation tracking, control evidence collection, or cybersecurity reporting.
• 3+ years of experience evaluating cybersecurity risks for new technologies, applications, integrations, SaaS platforms, cloud services, or system connections.
• 3+ years of experience supporting cybersecurity governance for cloud, SaaS, application modernization, DevSecOps, data, or enterprise platform environments.
• Experience supporting HHS, NIH, FDA, CMS, CDC, or other health-focused federal environments.
• Experience with Zero Trust, identity and access management, endpoint security, secure cloud architecture, secure SaaS governance, TIC 3.0, or continuous monitoring.
• Experience integrating cybersecurity requirements into Agile, DevSecOps, CI/CD, product delivery, and application modernization workflows.
• Experience supporting ATO packages, security assessment activities, security control validation, audit responses, and independent verification or validation reviews.
• Experience with cybersecurity tools and repositories used for POA&M tracking, vulnerability management, audit evidence, incident coordination, SIEM/SOAR, or continuous monitoring.
• Experience aligning cybersecurity activities with NIST 800-53 Rev. 5, NIST 800-37, NIST 800-61, NIST 800-34, FedRAMP, FISMA, CISA guidance, or HHS security policy.
• Experience developing cybersecurity dashboards, executive risk reporting, compliance scorecards, and metrics-based security governance materials.
• Additional cybersecurity, cloud security, Agile, ITIL, AWS, Azure, Google Cloud, or project management certification.

Working at ICF

Pay Range - There are multiple factors that are considered in determining final pay for a position, including, but not limited to, relevant work experience, skills, certifications and competencies that align to the specified role, geographic location, education and certifications as well as contract provisions regarding labor categories that are specific to the position.

The pay range for this position based on full-time employment is: