
Governance, Risk and Compliance Program Manager - Hybrid

Job Description:  

XOR Security, An Agile Defense Company is currently seeking a Governance, Risk and Compliance Program Manager. The ideal candidate thrives in fast-paced environments, enjoys leading a diverse pool of cybersecurity professionals, and has a passion for helping customers mature their cybersecurity capabilities. The GRC Program Manager will lead a team of cross-functional cybersecurity experts in the performance of activities, including assessments & authorization (A&A) and ongoing authorization (OA), security engineering, identity and access management (IAM), cloud security architecture, vulnerability management, cybersecurity training, and policy development for a government agency. Emphasis will be placed on ensuring that the Cyber & Physical Security Branch has a positive and productive working relationship with the internal divisions and external federal partner agencies. The PM must have SME knowledge of all applicable federal cybersecurity mandates, how and where these mandates tie into Agency orders, policies, instructions, standards, handbooks and guides, and the impact of the security requirements on Agency specific systems and mission. Deep understanding and implementation of NIST guidance in relation to Risk Management Framework (RMF) is critical for success in this position.  

  *** Hybrid – 2 days a week on site in Washington, D.C. *** 

Required Qualifications:  

  • 10+ years of experience in cybersecurity, of which at least 3+ years in security, preferably in a GRC or similar role (Technology/IT Audit, Internal Audit, IT Consulting, etc.), leading teams larger than 20 resources. 
  • Bachelor’s Degree required (Information Technology, Cyber Security, Computer Science, Computer Engineering, or Electrical Engineering). 
  • CISSP, CISA, CRISC, CISM or other industry-level cyber certification required. 
  • Demonstrated experience supporting the development and update of policies to align with OMB, DHS, NIST, CNSS, ICD, Congressional and other cybersecurity mandates and directives. 
  • Experience with the Cybersecurity Framework (CSF), NIST RMF, and NIST Special Publication series, including SP 800-53, 800-171, etc.  
  • Experience ensuring controls meet legal, regulatory, privacy, policy, standards and security requirements. 
  • Demonstrated knowledge in the field of risk management and compliance to efficiently work on and apply frameworks including ISO, NIST CSF, NIST 800-53, NIST 800-171, NIST 800-137, NIST 1800 series, etc. 
  • Strong written, verbal, and presentation skills required.  

Desired Qualifications:  

  • Strong program management skills. PMP certification a plus. 
  • Experience managing cross-functional talent (i.e., professionals from a variety of cybersecurity disciplines). 
  • Experience managing a variety of contract types (e.g., FFP, T&M) for a government Agency.  
  • Experience managing program financials, including labor forecasting and Estimates at Completion (EAC) monthly. 
  • Knowledge of enterprise security operations, including incident response a plus.   
  • Experience identifying and reporting enterprise security posture and system vulnerabilities using risk analytics, metrics generation, and other techniques as needed. 
  • Experience assisting government agencies with maturing or enhancing RMF/CSF implementation.  
  • Experience with reducing cost and optimizing an agency’s/organization’s cybersecurity posture through reduction, reciprocity, and increased automation. 
  • Experience with Plans of Action and Milestones (POA&M) coordination and reporting activities, such as briefing senior leadership as required by external mandates.  
  • Experience preparing responses to official requests for information from OMB, DHS, or any other agency in regard to Information Security related statistics or data. 
  • Experience providing architecture and technical guidance on enterprise-wide cybersecurity programs. 

Job Duties Include:  

  • Serve as the customer’s primary point of contact for the XOR Security team. 
  • Support the Agency’s risk management process by maintaining visibility and awareness of changes to the cyber threat landscape that impact the Agency and ensure efforts to address risk are executed efficiently and on schedule. 
  • Interface broadly with internal branch customers as well as external branch stakeholders to support achievement of the program’s strategic goals and objectives.  
  • Lead a cross-functional team of skilled and diverse cybersecurity professionals responsible for a variety of independent and/or interconnected projects.  
  • Oversee, in coordination with the GRC Lead, execution of A&A and ongoing authorization activities (including continuous monitoring) and provide guidance and technical direction to the team as required. Serve as a primary interface on status of packages to cybersecurity leadership.  
  • Oversee and provide guidance to the Security Engineering and Architecture team on initiatives, projects, and activities (e.g., cloud architecture, security engineering, vulnerability management, cyber dashboard development) related to the customer’s security priorities.  
  • Interface with other XOR Security PMs and staff on contract to ensure a coordinated and collaborative approach to program efforts in support of RMF/CSF maturity.   
  • Support the development and enhancement of security dashboards using a GRC application (e.g., CSAM / eMASS / XACTA) and/or customer tool(s) to provide role-based views (i.e., information/data) to agency executives, managers, system security officers, and key stakeholders. 
  • Provide technical guidance and best practices to the team and customers to ensure that the agency achieves maximum value from its IT investments. 
  • This is a hybrid schedule of telework and onsite; requires onsite at least 2x a week within the DC-metro area. Onsite requirements may change at the client’s discretion. 

Closing Statement:  

XOR Security, An Agile Defense offers a very competitive benefits package including health insurance coverage from the first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.  

XOR Security, An Agile Defense is an Equal Opportunity Employer (EOE). M/F/D/V.  

Citizenship Clearance Requirement:  

Applicants selected may be subject to a government security investigation and must meet eligibility requirements - US CITIZENSHIP REQUIRED with no dual citizenship.  
