Booz Allen

Information Security Risk Specialist

$62–62k Bethesda, Maryland, United States FULL TIME Remote Friendly

The Brief

“Information Security Risk Specialist at Booz Allen. Skills: Risk Management Framework, Assessment & Authorization, Authority to Operate. Support Risk Management Framework (RMF) activities. Drive Assessment & Authorization (A&A) packages”

What You'll Achieve.

Systems remain secure and compliant; Authorization to Operate (ATO) achieved and sustained

Industry & Context.

Problems you'll solve

remediate gaps; drive closure of POA&Ms

Eligibility Requirements

Public Trust clearance (requires a government background investigation); candidates must be on camera during interviews and allow a photo to be taken to verify identity and prevent fraud; AI usage is prohibited during interviews; cameras must be on during virtual meetings

What They're Looking For.

Must Have

  • 3+ years of experience within Information Security, Cyber Risk Management, or Security Compliance Functions
  • NIST Risk Management Framework (RMF)
  • Assessment & Authorization (A&A) efforts
  • Authority to Operate (ATO) decisions
  • Security control assessments
  • Security Assessment Reports (SAR)
  • Plans of Action & Milestones (POA&Ms)
  • System Security Plans (SSP)
  • NIST SP 800-53 Rev. 5 control families
  • FISMA processes
  • Public Trust
  • Bachelor's degree

Nice to Have

  • Experience communicating complex security concepts clearly to non-technical stakeholders and senior leaders
  • Concise A&A documentation and executive-ready summaries
  • Structured writing and plain-language techniques for technical documentation
  • Stakeholder analysis and change management
  • Write crisply, edit meticulously, proofread
  • Facilitate working sessions and build consensus
  • Present recommendations confidently
  • Master's degree

What You'll Do.

Support Risk Management Framework (RMF) activities

Drive Assessment & Authorization (A&A) packages

Sustain continuous monitoring

Ensure systems remain secure

Ensure systems remain compliant

How You'll Work.

Team & Collaboration

Partner with engineering teams; Partner with mission teams; Communicate security concepts to non-technical stakeholders; Communicate security concepts to senior leaders; Facilitate working sessions; Build consensus

Communication Scope

Translate technical findings into risk statements; Communicate complex security concepts clearly; Write crisply; Edit meticulously; Proofread; Present recommendations confidently

Process & Methodology

Plans of Action & Milestones (POA&Ms)

Full Job Description

Information Security Risk Specialist

**The Opportunity:** Cyber threats evolve constantly. In this role, you'll turn complex risk into clear action by supporting Risk Management Framework (RMF) activities and driving Assessment & Authorization (A&A) packages through Authorization to Operate (ATO). You'll partner with engineering and mission teams to scope controls, assess risk, remediate gaps, and sustain continuous monitoring so systems remain secure and compliant. Join us. The world can't wait.

**You Have:**

* 3+ years of experience within Information Security, Cyber Risk Management, or Security Compliance Functions
* Experience applying NIST Risk Management Framework (RMF) across categorization, control selection or implementation, assessment, authorization, and continuous monitoring
* Experience supporting Assessment & Authorization (A&A) efforts and coordinating Authority to Operate (ATO) decisions with Authorizing Officials
* Experience performing security control assessments and producing artifacts such as Security Assessment Reports (SAR) and Plans of Action & Milestones (POA&Ms)
* Experience developing and maintaining security documentation, including System Security Plans (SSP) and control implementation statements
* Knowledge of NIST SP 800-53 Rev. 5 control families and tailoring controls to impact levels
* Knowledge of FISMA processes supporting RMF and authorization decisions
* Ability to translate technical findings into risk statements and remediation recommendations aligned to mission and business priorities, plan and execute continuous monitoring (ConMon), track residual risk, and drive closure of POA&Ms
* Public Trust
* Bachelor's degree

**Nice If You Have:**

* Experience communicating complex security concepts clearly to non-technical stakeholders and senior leaders
* Experience producing concise A&A documentation and executive-ready summaries
* Knowledge of structured writing and plain-language techniques for technical documentation
* Knowledge


How to Apply on Workday

  • Workday uses a multi-step form; save your progress after every section.
  • "Apply With LinkedIn" can fail or lose data; manual entry is more reliable.
  • Watch for the final "Submit for Review" step; clicking "Save" alone does not submit the application.
  • Note the job requisition number; it is useful when following up with HR by email.
