DoD RMF Compliance and Risk Management Leader

🇺🇸 United States - Remote
🔒 Cybersecurity · 🟣 Senior

Job description

Credera is a global consulting firm that combines transformational consulting capabilities, deep industry knowledge, AI and technology expertise to deliver valuable customer experiences and accelerated growth across various industries. We continuously evolve our services to meet the needs of future organizations and reflect modern best practices. Our unique global approach provides tailored solutions, transforming the most influential brands and organizations worldwide.

Our employees, the lifeblood of our company, are passionate about making an extraordinary impact on our clients, colleagues, and communities. This passion drives how we spend our time, resources, and talents. Our commitment to our people and work has been recognized globally. Please visit our employer awards page: https://www.credera.com/awards-and-recognition.

The DoD GRC Leader ensures Department of Defense (DoD) Information Systems achieve and maintain security and compliance by applying security engineering principles throughout the system development lifecycle. This role provides strategic oversight for risk management, security architecture, compliance initiatives, and cross-functional collaboration, supporting Authorization to Operate (ATO) and adherence to DoD, NIST, and federal standards.

RESPONSIBILITIES

  • Enterprise System Security Design & Integration
    • Provide strategic leadership in designing and integrating security architectures for government information systems, ensuring alignment with DoD and NIST frameworks
    • Direct the documentation and integration of security requirements into system architectures and engineering processes
    • Oversee the implementation, validation, and continuous improvement of security controls for effective risk mitigation and compliance
    • Lead modernization and migration of systems to meet evolving security baselines and regulatory requirements
  • Risk Assessment & Mitigation
    • Lead comprehensive risk assessments, including vulnerability testing and technical evaluations, to identify and address threats and mission impacts
    • Develop and implement risk mitigation strategies, and ensure ongoing risk management in line with DoD organizational objectives and regulatory directives
    • Direct the development and execution of security assessment plans, including in-depth technical evaluations, vulnerability testing, and compliance assessments in accordance with DoD and NIST standards
    • Analyze vulnerability scan results and threat intelligence, prioritizing remediation and ensuring timely resolution of security issues
  • Compliance & Authorization
    • Oversee the Risk Management Framework (RMF) process, guiding systems through assessment and authorization phases to achieve and sustain ATO
    • Ensure accurate development and maintenance of System Security Plans (SSPs) and related compliance documentation
    • Maintain continuous monitoring and governance to ensure ongoing compliance with all applicable cybersecurity standards and directives
    • Oversee and support cybersecurity audits and inspections, driving prompt and effective technical remediation of findings
  • Continuous Monitoring & Incident Response
    • Direct the development and execution of enterprise-wide continuous monitoring strategies to maintain situational awareness and security posture
    • Oversee impact analyses for system and operational changes, ensuring informed risk decisions and regulatory compliance
    • Lead the creation and maintenance of incident response plans, and provide expert guidance during cybersecurity incidents to ensure effective mitigation and recovery
    • Serve as a senior technical advisor during cybersecurity incidents, providing expert guidance, coordination, and support to ensure effective containment, mitigation, and recovery efforts
  • Collaboration & Reporting
    • Foster collaboration with IT leadership, program managers, and key cybersecurity stakeholders throughout the system lifecycle
    • Provide executive-level briefings and reports to senior management, supporting informed decision-making and effective risk communication
    • Ensure comprehensive and audit-ready documentation for security controls, assessments, and system architecture

QUALIFICATIONS

  • Minimum 8 years progressive, hands-on Federal consulting experience, including significant DoD exposure
  • Bachelor’s degree (ABET-accredited or CAE-designated) in IT, Cybersecurity, Data Science, Information Systems, or Computer Science
  • Must have an active T3 background investigation
  • Must possess CISSP-ISSAP or CISSP-ISSEP certification
  • Technical & Security Leadership:
    • Deep expertise in DoD RMF, including system categorization, control implementation, assessment, continuous monitoring, and A&A
    • Proficient in developing/maintaining SSPs, POA&Ms, and ensuring compliance with DoD/Army security policies (e.g., DoD 8570.01-M, DoDI 8500.01, DoDI 8510.01)
    • Strong grasp of GRC standards and current cybersecurity best practices
    • Skilled in vulnerability/threat management (ACAS, SCAP, DISA STIGs, APTs) and security architecture (network, firewalls, IDS/IPS, system hardening)
  • Leadership, Communication & Business Skills:
    • Proven ability to lead and develop cross-functional teams, drive project delivery, and adapt to evolving threats in military settings
    • Expert in capturing, defining, and documenting security requirements and practices
    • Excellent problem-solving, critical thinking, and relationship-building skills
    • Strong written and verbal communication, including translating technical concepts for non-technical audiences and gaining stakeholder buy-in
    • Experience supporting business development, building client relationships, and creating business cases for Federal clients

Learn More: Credera is part of the Omnicom Precision Marketing Group (OPMG), a division of Omnicom Group Inc. OPMG is a global network of agencies that leverage data, technology, and CRM to create personalized and impactful customer experiences. OPMG offers a range of services, such as data-driven product / service design, technology strategy and implementation, CRM / loyalty strategy and activation, econometric and attribution modelling, technical and business consulting, and digital experience design and development.

Compensation: The salary range listed is provided for informational purposes only. Credera treats all applicants as individuals, considering, but not limited to, their professional and academic experience, specialized training, certifications, and associated responsibilities as they relate to our specific industry. The salary range listed is just one component of our total compensation package for each unique employee.

We believe in recognizing and rewarding contributions at every level. While senior-level employees are eligible for a variable component as part of their compensation package, we are committed to supporting the growth and development of all team members. As employees progress in their careers, everyone will have opportunities to take on new responsibilities and become eligible for additional rewards. We strive to create an environment where everyone is empowered to succeed and advance.

Benefits: Credera provides a competitive salary and comprehensive benefits plan. Benefits include health, mental health, vision, dental, and life insurance, prescriptions, fertility and adoption benefits, community service days, paid parental leave, PTO, 14 paid holidays, matching 401(k), Healthcare & Dependent Flexible Spending Accounts, and disability benefits. For more information regarding Omnicom benefits, please visit www.omnicombenefits.com.

Hybrid Working Model: Our employees have the flexibility to work remotely two days a week. We expect team members to spend three days in person, with the freedom to choose the days and times that best suit them, their project, and their teams. You’ll collaborate with your project team to balance flexibility with the benefits of in-person connection, delivering outstanding results for our clients.

The Why: In-person engagement is essential for building strong relationships with clients and colleagues. It fosters trust, encourages learning, and helps us grow as consultants and professionals.

Travel: For our consulting roles, our goal is to minimize travel, and most projects do not require extensive travel. While some projects may involve up to 80% travel for a period, the annual average for team members is typically 10%–30%. We take a personal approach to travel by considering your submitted preferences when assigning roles.

All qualified applicants will receive consideration for employment without regard to race, color, religion, gender identity, sexual orientation, national origin, age, genetic information, veteran status, or disability.

Credera will never ask for money up front and will not use apps such as Facebook Messenger, WhatsApp or Google Hangouts for communicating with you. You should be very wary of, and carefully scrutinize, any job opportunity that asks for money prior to starting and/or one where all communications take place exclusively via chat.
