Assessment & Authorization (A&A) Risk Manager
Posted 2025-08-23
Remote, USA
Full Time
Immediate Start
<b>Description</b><br><p>Dragonfli Group is a cybersecurity and IT consulting firm headquartered in Washington, DC, delivering strategic solutions to government agencies and enterprise clients nationwide. We specialize in risk management, assessment & authorization (A&A), cloud security, and enterprise IT architecture. Our teams operate in diverse work environments—including on-site, hybrid, and fully remote—on contracts ranging from several months to multiple years.</p><p>We are seeking an <strong>Assessment & Authorization (A&A) Risk Manager</strong> to lead complex risk management and compliance efforts for a federal program focused on cybersecurity and enterprise application governance. The ideal candidate will combine deep knowledge of A&A processes with hands-on expertise in risk analysis, application/system retirement, site security reviews, and compliance documentation management. This role requires strong analytical capabilities, the ability to communicate risk impacts at all organizational levels, and proficiency in leveraging GRC platforms to streamline processes.</p><p><strong>Key Responsibilities:</strong></p><ul><li>Conduct comprehensive risk analyses of applications to evaluate potential financial, operational, and reputational impacts of disruptions.</li><li>Lead application/system retirement initiatives, including verification of remnant removal to reduce security risks.</li><li>Plan and execute site security reviews, document findings, and provide actionable recommendations.</li><li>Advise technical and leadership teams on A&A requirements, standards, and best practices (e.g., NIST RMF, FISMA).</li><li>Develop, track, analyze, and report on A&A program goals, milestones, and metrics using large and complex datasets.</li><li>Review and contribute to internal cybersecurity policies, SOPs, and training materials.</li><li>Manage compliance documentation, security plans, and risk assessments within GRC tools, ServiceNow, and SharePoint 
environments.</li><li>Collaborate with cross-functional stakeholders to ensure effective implementation of security and risk mitigation strategies.</li></ul><b>Requirements</b><br><p><strong>Required Skills & Qualifications:</strong></p><ul><li>8+ years of experience in risk management, compliance, and information security.</li><li>Proven expertise in A&A processes, NIST RMF, and FISMA compliance.</li><li>Demonstrated experience leading enterprise-level application/system retirements and decommission processes.</li><li>Strong knowledge of SDLC Retirement/Decommission methodologies.</li><li>Hands-on experience conducting site security reviews and producing executive-level reports.</li><li>Proficiency with GRC tools and platforms (ServiceNow, Archer, or equivalent).</li><li>Advanced SharePoint management skills for documentation, lists, and library administration.</li><li>Strong communication skills for technical and executive audiences.</li><li>Bachelor’s degree in cybersecurity, IT, or related field; advanced degree or industry certification (e.g., CISSP, PMP) preferred.</li></ul><p><strong>Work Environment:</strong> Morrisville, NC; remote considered.</p><p> <strong>Travel:</strong> Minimal, as required for project needs.</p><p> <strong>Clearance Requirement:</strong> U.S. citizenship or lawful permanent residency required.</p><p> <strong>AI Usage Policy:</strong> Candidates must be able to independently demonstrate technical proficiency without the use of AI tools during interviews or performance assessments.</p>