2

Remote Vendor Risk Management Jobs in Virginia (NOW HIRING)

This remote contract-to-hire position will be originated in Falls Church, VA. * SELECTED CANDIDATES ... Familiarity with security governance, risk management, and compliance (GRC) processes. * Must be ...

Program Manager

Herndon, VA ยท On-site +1

Remote Clearance Required: Secret Position Type: Full-Time About the company: At VivSoft, we aim to ... This role requires expertise in Agile delivery, risk management, and performance monitoring within ...

Security Steward

Vienna, VA ยท Remote

$107K - $135K/yr

Remote (Atlanta, GA area) Clearance Required: Public Trust Alpha Omega is looking for a Security ... vendor environment Preferred Skills: * NIST, DISA, and HHS Security Standards and Risk Management ...

This remote contract-to-hire position will be originated in Falls Church, VA. * SELECTED CANDIDATES ... Familiarity with security governance, risk management, and compliance (GRC) processes. * Must be ...

This remote contract-to-hire position will be originated in Falls Church, VA. * SELECTED CANDIDATES ... Familiarity with security governance, risk management, and compliance (GRC) processes. * Must be ...

next page

Showing results 1-20

Remote Vendor Risk Management information

What is the difference between Remote Vendor Risk Management vs Remote Vendor Compliance Specialist?

AspectRemote Vendor Risk ManagementRemote Vendor Compliance Specialist
Primary FocusAssessing and mitigating risks associated with vendorsEnsuring vendors comply with policies and regulations
Key ResponsibilitiesRisk assessments, vendor evaluations, mitigation strategiesPolicy enforcement, compliance audits, documentation
Required CredentialsCertifications like CTPRP, vendor management experienceCompliance certifications like CCEP, audit experience
Work EnvironmentRemote, cross-functional teams, vendor interactionsRemote, regulatory and policy-focused tasks

While both roles involve working with vendors remotely, Remote Vendor Risk Management primarily focuses on identifying and reducing vendor-related risks, whereas Remote Vendor Compliance Specialists concentrate on ensuring vendors adhere to policies and regulations. Both roles require similar certifications and often collaborate to maintain vendor integrity and security.

What are some common challenges faced in a remote vendor risk management role, and how can they be addressed?

In a remote vendor risk management role, one common challenge is maintaining clear and consistent communication with both internal teams and external vendors, especially when operating across different time zones. Additionally, ensuring thorough due diligence and risk assessments without in-person site visits can be difficult. These challenges can be addressed by leveraging secure collaboration platforms, setting well-defined processes for virtual assessments, and building strong relationships through regular check-ins and transparent reporting. Proactive organization and adaptability are key to managing risks effectively in a remote environment.

What are the key skills and qualifications needed to thrive in Remote Vendor Risk Management, and why are they important?

To excel in Remote Vendor Risk Management, you need expertise in risk assessment, third-party due diligence, and compliance, often supported by a degree in business, finance, or a related field. Familiarity with risk management platforms (like Archer or LogicManager), knowledge of regulatory frameworks (such as GDPR or SOC 2), and relevant certifications (e.g., CRVPM, CTPRP) are typically required. Strong analytical thinking, effective communication, and the ability to collaborate virtually are valuable soft skills for this role. These abilities ensure organizations can identify, assess, and mitigate vendor-related risks while maintaining regulatory compliance in a remote work environment.
What are the most commonly searched types of Vendor Risk Management jobs in Virginia? The most popular types of Vendor Risk Management jobs in Virginia are:
What are popular job titles related to Remote Vendor Risk Management jobs in Virginia? For Remote Vendor Risk Management jobs in Virginia, the most frequently searched job titles are:
What job categories do people searching Remote Vendor Risk Management jobs in Virginia look for? The top searched job categories for Remote Vendor Risk Management jobs in Virginia are:
What cities in Virginia are hiring for Remote Vendor Risk Management jobs? Cities in Virginia with the most Remote Vendor Risk Management job openings:
Information System Security Officer (ISSO) Lead (Remote)

Information System Security Officer (ISSO) Lead (Remote)

Oxley Enterprises, Inc.

Stafford, VA โ€ข Remote

Full-time

Medical, Dental, Vision, Life, Retirement

Posted 2 days ago


Job description

The following states/districts are excluded from this job ad: AK, CA, CO, CT, DC, HI, LA, MA, MN, MO, NE, NV, NH, NJ, NM, NY, ND, OR, PR, RI, VT, WA, WY

Future Need - Actively Interviewing

Location: Remote in any United States jurisdiction not excluded from this job advertisement.

Lead the authorization integrity of one of the Department of Veterans Affairs (VA's) most complex multi-tenant cloud platforms. As the Information System Security Officer (ISSO) Lead, you will manage Authorization to Operate (ATO)/Approval to Connect (ATC) sustainment, security audits, and continuous monitoring across a platform undergoing active authorization boundary restructuring.

Position Description: The ISSO Lead manages all Authorization to Operate (ATO)/Approval to Connect (ATC activities, coordinates security audits and assessments, and oversees Plan of Action and Milestones (POA&M) lifecycle management across the tiered multi-tenant authorization environment.

Minimum/General Experience: 10 years of experience in information systems security

Minimum Education: Bachelor's Degree in cybersecurity, information assurance, or related field; Certified Information Systems Security Professional (CISSP) or Certified Authorization Professional (CAP) (preferred)

Essential Skills/Qualifications:

  • Expert knowledge of National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) process (e.g., Categorize, Select, Implement, Assess, Authorize, and Monitor)
  • Excellent ability to initiate actions required to establish new ATOs/ATCs
  • Excellent ability to maintain existing authorizations
  • Excellent ability to attend or conduct security audits
  • Excellent experience drafting assessment finding mitigation plans
  • Excellent knowledge of multi-tenant ATO inheritance frameworks
  • Excellent ability to support authorization boundary management between platform and tenant layers
  • Above average ability to maintain security documentation (e.g., Privacy Threshold Analysis (PTA), Privacy Impact Assessment (PIA), Security Impact Analysis (SIA), Business Impact Analysis (BIA), Data Security Categorization (DSC), hardware/software lists, and Ports, Protocols, and Services Management (PPSM) documents)
  • Experience supporting a federal agency
  • Excellent verbal and written communication skills

General Physical Requirements needed to perform the essential functions of this job may vary based on the location of the assignment.

  • Assignment Location - Remote
  • Sedentary Work - Exerting up to 10 pounds of force occasionally and/or a negligible amount of force frequently or constantly to lift, carry, push, pull or otherwise move objects.
  • Typing, communicating, repetitive motions.
  • Close visual acuity to prepare and analyze data, view computer monitors and read. May need to view presentation screens and other visual aids in a virtual setting.
  • Inside environmental conditions with protection from outside elements.

Security: Active Federal Civilian Public Trust clearance

  • U.S. Citizenship or Permanent Resident that has lived in the United States for at least 3 years

Federal Civilian Public Trust Consists of a review of up to but not limited to:

  • Covers 10 year period and in some instances lifetime events
  • OPM Security Investigations Index (SII)
  • DOD Defense Central Investigations Index (DCII)
  • National Agency Check (NAC) records
  • FBI name check
  • FBI fingerprint check
  • Credit report check
  • Written inquiries to previous employers and references listed on the application for employment
  • Potential interviews with the subject, spouse, neighbors, supervisor, coworkers
  • Law enforcement check
  • Court records check
  • Education check - Attendance and Degrees

Acceptable Credentials

Tasks/activities include, but are not limited to:

  • Initiates actions required to establish new ATOs and ATCs
  • Maintains all existing authorizations including periodic assessment oversight and staffing of all ATO audits
  • Coordinates all RMF activities with the AO, ISSO counterparts, ISO, and designated stakeholders
  • Attends or conducts all security audits including General (IG), Security Assessment and Validation Data (SAVD), Cybersecurity Compliance Task Force (CCTF), Office of Information Security (OIS), Information Security Risk Management (ISRM), Governance Risk and Compliance (GRC), and Information Security Policy & Strategy (ISPS) assessments
  • Attends closeout meetings and reviews all reported findings for accuracy
  • Drafts assessment finding mitigation plans including roadmap and timeline
  • Submits Plans of Action and Milestones (POA&M) for all prescribed remediations
  • Maintains program security documents, diagrams, and artifacts required for ATO/ATC upkeep including PTA, PIA, SIA, BIA, DSC, hardware lists, software lists, and PPSM documents
  • Collaborates with application development teams and platform architects to establish and maintain Interconnection Diagrams (ICD), High Level Diagrams (HLD), and security assessment boundary diagrams
  • Supports the Multi-Tenant Platform Evolution Strategy ensuring ATO inheritance frameworks and authorization boundaries between platform and tenant layers are clearly defined
  • Ensures no lapse in ATO status for any platform capability, service, or hosted application
  • Contributes to the monthly RMF, security, and ATO status report including authorization posture, renewal timelines, and control implementation status

Compensation & Benefits: The annual projected pay range for this position is $111,776 - $164,390 with consideration being given to various factors including but not limited to qualifications, experience, job responsibilities, and geographic location.

Oxley Enterprises, Inc. offers a full array of benefits including:

  • Medical, dental, vision and prescription drug coverage for you and your family.
  • Life Insurance, short-term disability and long-term disability paid for by the Company.
  • Supplemental coverages including Accident, Critical Illness, and Hospital.
  • Additional Life insurance coverage for you and your dependents.
  • 401k plan with various options to select based on your retirement goals.

Oxley Enterprises, Inc. is a certified service-disabled veteran-owned (SDVOSB), veteran-owned (VOSB), and woman-owned small business (WOSB) that has 26 years of experience building and delivering quality IT systems and programs. Oxley is ranked in the INC 5000 7 times (2016, 2017, 2018, 2021, 2023, 2024, 2025). Oxley is a 2019 - 2025 Department of Labor HIRE Vets Medallion Award Winner. Oxley is Virginia Values Veterans certified.

All qualified applicants will receive consideration for employment without regard to any status protected by applicable federal, state, or local law.

If you require a reasonable accommodation to apply for a position at Oxley Enterprises, Inc., please send an email to our Human Resources Department at: careers@oxleyenterprises.com with the following information:

Subject Line: Accommodation Request

Provide a description of your accommodation request

Include your contact information: Full name, Email address, Best number to reach you (optional)

We participate in the E-Verify program. http://www.dhs.gov/E-Verify