Lead the full RMF lifecycle for LIGER’s CBP deployment, from system categorization and control selection through assessment, authorization, and continuous monitoring
Develop, maintain, and defend the authorization package: System Security Plan (SSP), Security Assessment Plan (SAP), Security Assessment Report (SAR), Plan of Action and Milestones (POA&M), and supporting artifacts
Serve as LIGER’s primary security management point of contact for CBP Authorizing Officials, ISSOs, assessors, and cyber working groups
Advise LMI and CBP leadership on system risk levels, control effectiveness, and the cybersecurity posture of the platform, including emerging risks unique to AI/LLM systems
Develop and maintain LIGER security policies, procedures, and SOPs aligned to CBP and DHS requirements
Direct the work of cyber engineers and ISSOs supporting LIGER, ensuring activities align to compliance objectives and program timelines
Coordinate A&A activities across distributed teams, including engineering, infrastructure, and CBP-side stakeholders
Track audit findings, remediation actions, and POA&M items to closure, escalating risks as needed
Interpret noncompliance and translate it into impact assessments and risk-informed mitigation plans
Support FedRAMP-aligned control implementation and inheritance where applicable
Stay current on evolving DHS, CBP, and federal cybersecurity policy and translate changes into LIGER program direction.

Requirements

Active Secret clearance and the ability to obtain a CBP Background Investigation; U.S. citizenship is required.
Bachelor’s degree in Information Systems, Computer Science, Cybersecurity, or a related field
8+ years of experience in cybersecurity, information assurance, or related fields, with significant time in federal environments
5+ years of hands-on RMF experience, including ATO development and continuous monitoring against NIST 800-53
Demonstrated experience leading authorization activities and serving as the primary security interface to government Authorizing Officials and assessors
CISSP, CISM, or equivalent senior-level cybersecurity certification
Strong working knowledge of cloud security in AWS, particularly GovCloud or similar high-compliance environments
Experience writing, defending, and maintaining ATO-grade documentation that holds up to assessor and AO review
Ability to translate compliance requirements into specific engineering work and direct technical staff toward closure
Excellent written and verbal communication skills, with the ability to brief senior government and industry leaders on risk and compliance posture.