DoD RMF, Compliance and Risk Management Leader

Credera.com

Office

Dallas, TX

Full Time

Credera is a global consulting firm that combines transformational consulting capabilities, deep industry knowledge, AI and technology expertise to deliver valuable customer experiences and accelerated growth across various industries. We continuously evolve our services to meet the needs of future organizations and reflect modern best practices. Our unique global approach provides tailored solutions, transforming the most influential brands and organizations worldwide. 

Our employees, the lifeblood of our company, are passionate about making an extraordinary impact on our clients, colleagues, and communities. This passion drives how we spend our time, resources, and talents. Our commitment to our people and work has been recognized globally. Please visit our employer awards page: https://www.credera.com/awards-and-recognition. 

The DoD GRC Leader ensures Department of Defense (DoD) Information Systems achieve and maintain security and compliance by applying security engineering principles throughout the system development lifecycle. This role provides strategic oversight for risk management, security architecture, compliance initiatives, and cross-functional collaboration, supporting Authorization to Operate (ATO) and adherence to DoD, NIST, and federal standards. 

Responsibilities

  • Enterprise System Security Design & Integration
      • Provide strategic leadership in designing and integrating security architectures for government information systems, ensuring alignment with DoD and NIST frameworks
      • Direct the documentation and integration of security requirements into system architectures and engineering processes
      • Oversee the implementation, validation, and continuous improvement of security controls for effective risk mitigation and compliance
      • Lead modernization and migration of systems to meet evolving security baselines and regulatory requirements
  • Risk Assessment & Mitigation
      • Lead comprehensive risk assessments, including vulnerability testing and technical evaluations, to identify and address threats and mission impacts
      • Develop and implement risk mitigation strategies, and ensure ongoing risk management in line with DoD organizational objectives and regulatory directives
      • Direct the development and execution of security assessment plans, including in-depth technical evaluations, vulnerability testing, and compliance assessments in accordance with DoD and NIST standards
      • Analyze vulnerability scan results and threat intelligence, prioritizing remediation and ensuring timely resolution of security issues
  • Compliance & Authorization
      • Oversee the Risk Management Framework (RMF) process, guiding systems through assessment and authorization phases to achieve and sustain ATO
      • Ensure accurate development and maintenance of System Security Plans (SSPs) and related compliance documentation
      • Maintain continuous monitoring and governance to ensure ongoing compliance with all applicable cybersecurity standards and directives
      • Oversee and support cybersecurity audits and inspections, driving prompt and effective technical remediation of findings
  • Continuous Monitoring & Incident Response
      • Direct the development and execution of enterprise-wide continuous monitoring strategies to maintain situational awareness and security posture
      • Oversee impact analyses for system and operational changes, ensuring informed risk decisions and regulatory compliance
      • Lead the creation and maintenance of incident response plans, and provide expert guidance during cybersecurity incidents to ensure effective mitigation and recovery
      • Serve as a senior technical advisor during cybersecurity incidents, providing expert guidance, coordination, and support to ensure effective containment, mitigation, and recovery efforts
  • Collaboration & Reporting
      • Foster collaboration with IT leadership, program managers, and key cybersecurity stakeholders throughout the system lifecycle
      • Provide executive-level briefings and reports to senior management, supporting informed decision-making and effective risk communication
      • Ensure comprehensive and audit-ready documentation for security controls, assessments, and system architecture

Qualifications

  • Minimum 8 years progressive, hands-on Federal consulting experience, including significant DoD exposure
  • Bachelor’s degree (ABET-accredited or CAE-designated) in IT, Cybersecurity, Data Science, Information Systems, or Computer Science
  • Must have an active T3 background investigation
  • Must possess CISSP-ISSAP or CISSP-ISSEP certification
  • Technical & Security Leadership:
      • Deep expertise in DoD RMF, including system categorization, control implementation, assessment, continuous monitoring, and A&A
      • Proficient in developing/maintaining SSPs, POA&Ms, and ensuring compliance with DoD/Army security policies (e.g., DoD 8570.01-M, DoDI 8500.01, DoDI 8510.01)
      • Strong grasp of GRC standards and current cybersecurity best practices
      • Skilled in vulnerability/threat management (ACAS, SCAP, DISA STIGs, APTs) and security architecture (network, firewalls, IDS/IPS, system hardening)
  • Leadership, Communication & Business Skills:
      • Proven ability to lead and develop cross-functional teams, drive project delivery, and adapt to evolving threats in military settings
      • Expert in capturing, defining, and documenting security requirements and practices
      • Excellent problem-solving, critical thinking, and relationship-building skills
      • Strong written and verbal communication, including translating technical concepts for non-technical audiences and gaining stakeholder buy-in
      • Experience supporting business development, building client relationships, and creating business cases for Federal clients

Learn More: Credera is part of the Omnicom Precision Marketing Group (OPMG), a division of Omnicom Group Inc. OPMG is a global network of agencies that leverage data, technology, and CRM to create personalized and impactful customer experiences. OPMG offers a range of services, such as data-driven product / service design, technology strategy and implementation, CRM / loyalty strategy and activation, econometric and attribution modelling, technical and business consulting, and digital experience design and development.   

Compensation: The salary range listed is provided for informational purposes only. Credera treats all applicants as individuals, considering, but not limited to, their professional and academic experience, specialized training, certifications, and associated responsibilities as they relate to our specific industry. The salary range listed is just one component of our total compensation package for each unique employee.

We believe in recognizing and rewarding contributions at every level. While senior-level employees are eligible for a variable component as part of their compensation package, we are committed to supporting the growth and development of all team members. As employees progress in their careers, everyone will have opportunities to take on new responsibilities and become eligible for additional rewards. We strive to create an environment where everyone is empowered to succeed and advance.

Benefits: Credera provides a competitive salary and comprehensive benefits plan. Benefits include health, mental health, vision, dental, and life insurance, prescriptions, fertility and adoption benefits, community service days, paid parental leave, PTO, 14 paid holidays, matching 401(k), Healthcare & Dependent Flexible Spending Accounts, and disability benefits. For more information regarding Omnicom benefits, please visit www.omnicombenefits.com

Hybrid Working Model: Our employees have the flexibility to work remotely two days a week. We expect team members to spend three days in person, with the freedom to choose the days and times that best suit them, their project, and their teams. You'll collaborate with your project team to balance flexibility with the benefits of in-person connection, delivering outstanding results for our clients. The Why: In-person engagement is essential for building strong relationships with clients and colleagues. It fosters trust, encourages learning, and helps us grow as consultants and professionals. 

Travel: For our consulting roles, our goal is to minimize travel, and most projects do not require extensive travel. While some projects may involve up to 80% travel for a period, the annual average for team members is typically 10%–30%. We take a personal approach to travel by considering your submitted preferences when assigning roles. 

All qualified applicants will receive consideration for employment without regard to race, color, religion, gender identity, sexual orientation, national origin, age, genetic information, veteran status, or disability.   

Credera will never ask for money up front and will not use apps such as Facebook Messenger, WhatsApp or Google Hangouts for communicating with you. You should be very wary of, and carefully scrutinize, any job opportunity that asks for money prior to starting and/or one where all communications take place exclusively via chat.  

October 1, 2025