Cyber Risk Management Lead Specialist
Inclusively
Inclusively is partnering with a multinational professional services network to hire a Cyber Risk Management Lead Specialist. **Please note: this role is NOT an internal position with Inclusively but with the partner company.**
ABOUT INCLUSIVELY
Inclusively is a digital tech platform that empowers job seekers with disabilities, caregivers, and veterans by using Success Enablers: accommodations and personalized workplace modifications that help all job seekers reach their full potential and excel. This includes all disabilities under the ADA, including mental health conditions (e.g. anxiety, depression, PTSD), chronic illnesses (e.g. diabetes, Long COVID), and neurodivergence (e.g. autism, ADHD).
Create your profile, select Success Enablers, and connect to jobs from our partnered employers who are committed to creating diverse and inclusive teams. When registering, you must acknowledge that this platform is for people with disabilities, caregivers, and veterans. However, Inclusively does not require candidates to disclose their specific disability to join the platform.
Authority to Operate (ATO) Lead
- Extensive experience conducting risk analysis of USPS applications to assess potential impact of disruptions on critical business functions, including financial, operational, and reputational consequences.
- Experience with and understanding of USPS processes for retiring applications/systems across large organizations, including verification that remnants are removed so that residual security risk to the organization is minimized, and the ability to advise application stakeholders through that process.
- Knowledge of and demonstrated experience leading USPS site security reviews at various types of facilities to assess risk, and documenting findings, observations, and recommendations.
- In-depth understanding of USPS Authorization & Assessment (A&A) requirements, standards, and best practices (e.g., NIST, FISMA) to advise security and IT professionals, application stakeholders, managers, and executives.
- Demonstrated ability to develop, track, analyze and regularly report status of goals, milestones, and metrics using complex and large data sets to measure the effectiveness of USPS A&A processes.
- Knowledge and understanding of USPS cybersecurity policies and processes sufficient to review, understand and provide inputs to internal security policies, SOPs and training documents.
- Demonstrated proficiency in using USPS’s Governance, Risk, and Compliance (GRC) tools.
- Ability to serve as subject matter expert (SME) for the USPS A&A process.
- Knowledge of or experience with the USPS SDLC Retirement/Decommission process.
- Ability to effectively manage compliance documentation, security plans, risk assessments, and other related documents within the USPS GRC tool, ServiceNow, and SharePoint environments.
- Effective communication and collaboration skills to work with cross-functional teams, stakeholders, and IT professionals.
- Own the full lifecycle of ATO packages—from boundary definition, control tailoring, and required documentation through security testing, risk acceptance, and formal authorization.
- Facilitate stakeholder workshops to map applicable NIST 800-53 controls, assign ownership, and collect evidence.
- Plan, coordinate, and track independent security assessments (penetration tests, security test and evaluation (ST&E), red/blue team exercises).
- Develop and maintain Plan of Action & Milestones (POA&M) artifacts; monitor status, escalate delays, and validate closure.
- Brief executive sponsors and Authorizing Officials (AOs) on residual risks, mitigations, and go-forward plans.
- Champion Continuous Monitoring (ConMon) to preserve the authorization: define metrics and reporting cadences, and trigger reauthorization activities when material changes to the system or its environment occur.
Vulnerability Management & Remediation
- Architect and manage an enterprise vulnerability management program covering network, cloud, container, and application layers.
- Integrate multiple scanning tools (e.g., Tenable, Qualys, Rapid7, Wiz, Snyk) into a unified workflow; ensure accurate asset inventory and risk scoring.
- Prioritize findings using CVSS, exploitability data, and mission impact; align remediation timelines with policy (e.g., critical fixes within 15 days).
- Coordinate cross-functional “patch sprints,” configuration hardening, and compensating control implementation.
- Track remediation KPIs (e.g., mean time to remediate, percent critical vulnerabilities patched) and present trend analysis to leadership.
- Continuously refine detection logic and scanning coverage to reduce false positives and blind spots.
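The prioritization and KPI items above describe a repeatable calculation: rank each finding by CVSS, exploitability evidence, and mission impact, derive a remediation due date from the policy SLA, and report mean time to remediate and percent of critical findings fixed within SLA. The script below is an added example written for this page, not code from the posting or the employer. The only SLA it takes from the text is "critical within 15 days"; the other tiers, the asset-tier scale, the EPSS threshold, and all findings are constructed assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional

# Remediation SLAs in days per priority tier. "critical" = 15 days comes from the
# posting; the other three values are assumed placeholders for this example.
SLA_DAYS = {"critical": 15, "high": 30, "medium": 90, "low": 180}
TIERS = ["low", "medium", "high", "critical"]


@dataclass
class Finding:
    finding_id: str
    cvss: float              # CVSS base score, 0.0-10.0
    epss: float              # EPSS exploitation probability, 0.0-1.0
    in_kev: bool             # listed in the CISA Known Exploited Vulnerabilities catalog
    asset_tier: str          # assumed mission-impact scale: "mission" | "business" | "support"
    opened: date
    closed: Optional[date] = None


def cvss_tier(score: float) -> str:
    """Map a CVSS base score to the standard qualitative severity rating."""
    if score >= 9.0:
        return "critical"
    if score >= 7.0:
        return "high"
    if score >= 4.0:
        return "medium"
    return "low"


def priority(f: Finding) -> str:
    """Start from the CVSS tier, then adjust for exploitability and mission impact."""
    idx = TIERS.index(cvss_tier(f.cvss))
    if f.in_kev or f.epss >= 0.5:        # exploitability evidence: one tier up
        idx += 1
    if f.asset_tier == "mission":        # mission-critical asset: one tier up
        idx += 1
    elif f.asset_tier == "support" and not f.in_kev:
        idx -= 1                         # low-impact asset, no known exploitation: one tier down
    return TIERS[max(0, min(idx, len(TIERS) - 1))]


def due_date(f: Finding) -> date:
    """Policy due date: opened date plus the SLA for the finding's priority tier."""
    return f.opened + timedelta(days=SLA_DAYS[priority(f)])


def overdue_ids(findings: List[Finding], today: date) -> List[str]:
    """IDs of findings closed after their due date, or still open past it."""
    return [f.finding_id for f in findings if (f.closed or today) > due_date(f)]


def mean_time_to_remediate(findings: List[Finding]) -> Optional[float]:
    """MTTR in days over closed findings only; None if nothing is closed yet."""
    days = [(f.closed - f.opened).days for f in findings if f.closed]
    return sum(days) / len(days) if days else None


def pct_critical_within_sla(findings: List[Finding], today: date) -> Optional[float]:
    """Share of critical-priority findings closed on or before their due date."""
    crit = [f for f in findings if priority(f) == "critical"]
    if not crit:
        return None
    on_time = [f for f in crit if f.closed and f.closed <= due_date(f)]
    return 100.0 * len(on_time) / len(crit)


# Constructed sample findings (not real scan output) and a fixed "today" for reproducibility.
TODAY = date(2024, 7, 1)
SAMPLE = [
    Finding("F-1", 9.8, 0.97, True, "mission", date(2024, 6, 1), date(2024, 6, 10)),
    Finding("F-2", 7.5, 0.80, False, "business", date(2024, 6, 1)),      # high CVSS, EPSS bump -> critical
    Finding("F-3", 5.3, 0.01, False, "support", date(2024, 5, 1), date(2024, 6, 20)),
    Finding("F-4", 9.1, 0.05, False, "business", date(2024, 6, 20)),     # critical, still inside its 15-day SLA
]

if __name__ == "__main__":
    for f in SAMPLE:
        print(f.finding_id, priority(f), "due", due_date(f), "closed", f.closed)
    print("overdue:", overdue_ids(SAMPLE, TODAY))
    print("MTTR (days):", mean_time_to_remediate(SAMPLE))
    print("critical within SLA (%):", pct_critical_within_sla(SAMPLE, TODAY))
```

In the constructed data F-2 is the one to escalate: its CVSS alone says "high" (30-day SLA), but the EPSS bump makes it critical, so it was due 15 days after opening and is overdue on the report date. The tier bumps and thresholds are deliberately simple so they can be replaced by whatever the organization's policy actually specifies.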
Policy, Governance & Strategic Advisory
- Contribute to security policies, standards, and playbooks—ensuring alignment with NIST, ISO 27001, CIS, and organizational risk appetite.
- Advise product teams on “security-by-design” practices, translating control requirements into engineering user stories.
- Conduct tabletop exercises and lessons-learned sessions to strengthen incident response, resilience, and compliance readiness.
- Track evolving regulatory requirements (e.g., CMMC, EO 14028, zero trust mandates) and translate them into actionable roadmaps.
Team Leadership & Stakeholder Engagement
- Mentor junior analysts; provide training on RMF, FedRAMP, POA&M management, and vulnerability analysis.
- Act as primary liaison with internal audit, external assessors, and government customers.
- Foster a culture of accountability and continuous improvement across security and IT teams.
Qualifications
Required:
- Master’s degree required
- Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future.
- Must possess the following certifications:
- Certified Expert Risk Management Framework Professional
- Certified Expert Cloud Security (CECS)
- Certified Continuity Manager (CCM)
- Certified Expert Independent Assessor
- FEMA Homeland Security Exercise and Evaluation Program (HSEEP)
- 12+ years in information security with at least 3 years leading ATO/RMF or FedRAMP initiatives.
- Deep familiarity with NIST 800-53, 800-37, 800-137, FedRAMP Moderate/High, STIGs, SOX, GLBA, PCI-DSS, SOC, and RMM
- Hands-on experience with vulnerability scanners, SIEM/SOAR platforms, asset discovery, and ticketing systems (e.g., ServiceNow).
- Understanding of cloud services (AWS, Azure, GCP) and container security (Kubernetes, Docker) controls.
- Competence interpreting penetration-test results and aligning remediation with DevSecOps pipelines.
- Prior USPS CISO experience required