1

Security Risk Management Jobs in Washington, DC (NOW HIRING)

Developing an agency Information Security Risk Management Strategy in accordance with the latest released versions of NIST Special Publications (SPs) such as SP 800-37, Risk Management Framework for ...

Developing an agency Information Security Risk Management Strategy in accordance with the latest released versions of NIST Special Publications (SPs) such as SP 800-37, Risk Management Framework for ...

Risk Manager

Rockville, MD ยท On-site

$155K - $165K/yr

Developing an agency Information Security Risk Management Strategy in accordance with the latest released versions of NIST Special Publications (SPs) such as SP 800-37, Risk Management Framework for ...

Developing an agency Information Security Risk Management Strategy in accordance with the latest released versions of NIST Special Publications (SPs) such as SP 800-37, Risk Management Framework for ...

next page

Showing results 1-20

Security Risk Management information

See Washington, DC salary details

$11

$57

$79

How much do security risk management jobs pay per hour?

As of Jul 9, 2026, the average hourly pay for security risk management in Washington, DC is $57.07, according to ZipRecruiter salary data. Most workers in this role earn between $46.25 and $68.03 per hour, depending on experience, location, and employer.

What are the typical challenges faced by professionals in Security Risk Management, and how can they be addressed?

Professionals in Security Risk Management often encounter challenges such as rapidly evolving threats, balancing security with business operations, and ensuring organization-wide compliance with regulations. Staying current with the latest risk trends and fostering cross-department collaboration are key strategies for overcoming these obstacles. Additionally, clear communication of risks to non-technical stakeholders and ongoing training are essential for building a proactive security culture and effective risk mitigation.

What is Security Risk Management?

Security Risk Management is the process of identifying, assessing, and mitigating risks to an organization's information, assets, and operations. It involves evaluating potential threats and vulnerabilities, determining their potential impact, and implementing strategies to minimize or control these risks. The goal is to protect the organization from security breaches, data loss, and other threats while ensuring compliance with legal and regulatory requirements. Security Risk Management is essential for maintaining business continuity and safeguarding reputation.

What are the key skills and qualifications needed to thrive in Security Risk Management, and why are they important?

To excel in Security Risk Management, you need a solid understanding of risk assessment frameworks, cybersecurity principles, and compliance standards, often supported by a degree in information security or related fields. Familiarity with risk management tools, security incident response systems, and certifications such as CISSP or CISM is typically required. Strong analytical thinking, communication, and decision-making skills help professionals navigate complex threats and collaborate across departments. These competencies are crucial for effectively identifying, mitigating, and communicating risks to protect organizational assets and ensure regulatory compliance.

What is the difference between Security Risk Management vs Security Analyst?

AspectSecurity Risk ManagementSecurity Analyst
CertificationsCRISC, CISSP, CISMCompTIA Security+, CISSP, CEH
Work EnvironmentStrategic, policy-focused, risk assessmentOperational, monitoring, incident response
Employer & Industry UsageOrganizations managing enterprise security risksSecurity teams, cybersecurity firms, IT departments

Security Risk Management focuses on identifying, assessing, and mitigating security risks at an organizational level, often involving policy development and strategic planning. In contrast, Security Analysts primarily monitor security systems, analyze threats, and respond to incidents. Both roles are essential but differ in scope and responsibilities within the cybersecurity field.

What job categories do people searching Security Risk Management jobs in Washington, DC look for? The top searched job categories for Security Risk Management jobs in Washington, DC are:
Infographic showing various Security Risk Management job openings in Washington, DC as of July 2026, with employment types broken down into 1% As Needed, 78% Full Time, 18% Part Time, 1% Temporary, and 2% Contract. Highlights an 87% Physical, 3% Hybrid, and 10% Remote job distribution, with an average salary of $118,707 per year, or $57.1 per hour.
Senior Security Risk Management SME

Senior Security Risk Management SME

One Federal Solution

Washington, DC โ€ข On-site

Full-time

Posted 22 days ago


Job description

One Federal Solution provides senior-level cybersecurity risk management expertise supporting A&A, FISMA compliance, IC security standards, continuous monitoring, CDS, and secure cloud/hybrid environments. We apply NIST, CNSSI 1253, and RMF principles to strengthen security posture, automate compliance activities, and deliver risk-based solutions for federal mission needs.

Senior Security Risk Management SME Task and Duties:

  • Provide senior-level security risk management subject matter expertise.
  • Support Authorization and Assessment (A&A), FISMA compliance, IC cybersecurity policy and standards, continuous monitoring, CDS, and secure cloud/hybrid engineering.
  • Apply emerging and evolving security risk management practices, including automation of A&A and continuous monitoring activities.
  • Apply NIST 800-series and CNSSI 1253 security controls, risk management framework principles, and related guidance.
  • Advise on secure cloud and hybrid engineering risk posture, compliance, and remediation approaches.

Senior Security Risk Management SME Qualifications:

  • Minimum 10 years of total related experience.
  • Minimum 2 years of recent experience in each of the following: A&A, FISMA compliance, IC cybersecurity policy and standards, continuous monitoring, CDS, and secure cloud/hybrid engineering.
  • Experience automating A&A and continuous monitoring activities.
  • Experience applying NIST 800-series and CNSSI 1253 security controls and risk management framework guidance.
  • Mandatory certification in CISM, CAP, or GRC Certification in good standing at award and throughout the period of performance, or comparable demonstrable experience.
  • Desired: certifications in AWS, Microsoft Azure, and Microsoft Office 365 cloud platforms.
About One Federal Solution

One Federal Solution (OFS) is an innovative Professional Services provider with over 20 years of experience supporting Defense and Civilian agencies. OFS specializes in Business Intelligence, Acquisition and Procurement, and other Professional Services. We are pioneers, builders, thought leaders, and pride ourselves on thinking outside the box to co-create with our customers, helping them achieve exceptional enterprise-wide outcomes. As a certified Service-Disabled Veteran-Owned Small Business (SDVOSB), OFS is committed to providing high-performance professionals who deliver excellence to our government partners.