Risk Manager
ServiceNow · Chicago, ILLINOIS · $114k – $200k · Posted 25 March 2026
Job Description
As the Risk Manager on the Digital Technology GRC team, you will play a central role in advancing our federal compliance posture and GRC program maturity. You will guide initiatives related to CMMC (Cybersecurity Maturity Model Certification) Level 2 readiness, NIST framework implementation, and enterprise-wide risk assessment across infrastructure, endpoints, identity, cloud, and data protection domains. You will partner closely with Security Architecture, IT Operations, SecOps, Internal Audit, Legal & Compliance, and Executives to assess risk, implement controls, and ensure our organization meets the rigorous standards required for federal contracting. You will drive compliance and risk management across key areas such as:
- CMMC 2.0 Level 2 Assessment Readiness & Certification
- NIST SP 800-171 / NIST CSF Control Mapping & Implementation
- Enterprise Risk Assessment & Remediation Planning
- System Security Plans (SSP) & Plan of Action & Milestones (POA&M)
- GRC Process Maturity & Automation
- Federal Compliance Documentation & Evidence Management

This is a high-impact, high-visibility role designed for someone who combines deep knowledge of federal cybersecurity frameworks with the ability to translate technical compliance requirements into actionable plans and executive-ready communications.
Risk Assessment & Management
- Conduct comprehensive risk assessments across infrastructure, endpoints, identity management, data protection, and cloud environments.
- Identify, document, and track security gaps and remediation activities in the enterprise risk register.
- Perform control effectiveness testing and support continuous monitoring initiatives to ensure ongoing compliance posture.

Cross-Functional Collaboration & Communication
- Partner with Security Architecture, IT Operations, SecOps, Internal Audit, and Legal & Compliance to align security controls and risk mitigation strategies.
- Translate complex technical findings and compliance status into executive-ready reports, dashboards, and briefings for senior principals.
- Act as a subject matter expert for CMMC and NIST compliance across the organization, providing guidance and training to stakeholders.
GRC Program & Process Maturity
- Support the development and maturation of GRC processes, including policy management, control mapping, audit support, and evidence management workflows.
- Evaluate and recommend GRC tooling and automation opportunities to increase efficiency and accuracy of compliance operations.
- Contribute to enterprise-wide assessment campaigns and support regulatory change management activities.
What You Get to Do in This Role
ServiceNow Platform & GRC Tooling
- Leverage ServiceNow IRM (Integrated Risk Management) modules — including Risk Management, Policy & Compliance Management, Audit Management, and Vendor Risk Management — to manage and operationalize compliance workflows.
- Utilize ServiceNow SecOps (Security Incident Response, Vulnerability Response), CMDB/APM, ITSM, and IT Asset Management to support integrated security and compliance operations.
- Build and maintain GRC dashboards, reports, and Performance Data views to provide executive visibility into risk posture, control coverage, and compliance status.
- Drive workflow automation within the ServiceNow platform to streamline evidence collection, control testing, risk scoring, and remediation tracking.