Bachelor’s degree in Cybersecurity, Information Technology, Risk Management, or related field
7+ years of experience in cybersecurity, risk assessment, or quality assurance roles
Experience supporting federal environments and compliance frameworks (NIST, FISMA, RMF)
Strong understanding of SOC operations, security controls, and risk management processes
Requirements:
Develop, implement, and maintain QA/QC processes for SOC operations
Establish and manage risk assessment methodologies aligned with NIST RMF; identify, analyze, and mitigate cybersecurity risks across systems, cloud environments, and SOC operations
Maintain and manage risk registers, POAMs (Plans of Action and Milestones), and remediation tracking; ensure audit readiness and compliance reporting
Conduct continuous monitoring and risk assessments of security controls and operational processes
Job description
cFocus Software seeks a Quality Manager / Risk Assessor to join our program supporting Housing and Urban Development (HUD). This position is remote. This position requires a Public Trust clearance. Qualifications:
Bachelor’s degree in Cybersecurity, Information Technology, Risk Management, or related field.
7+ years of experience in cybersecurity, risk assessment, or quality assurance roles.
Experience supporting federal environments and compliance frameworks (NIST, FISMA, RMF).
Strong understanding of SOC operations, security controls, and risk management processes.
Duties:
Develop, implement, and maintain Quality Assurance (QA) and Quality Control (QC) processes for SOC operations.
Establish and manage risk assessment methodologies aligned with NIST Risk Management Framework (RMF).
Identify, analyze, and mitigate cybersecurity risks across systems, cloud environments, and SOC operations.
Maintain and manage risk registers, POA&Ms (Plans of Action & Milestones), and remediation tracking.
Ensure compliance with federal standards including NIST SP 800-53, FISMA, CISA directives, and OMB mandates.
Conduct continuous monitoring and risk assessments of security controls and operational processes.
Support audit readiness, audit response, and compliance reporting activities.
Perform internal quality reviews and validation of SOC processes, tools, and deliverables.
Develop and track Key Performance Indicators (KPIs) and quality metrics for SOC performance.
Lead root cause analysis for incidents, deficiencies, and audit findings.
Coordinate with SOC teams, engineers, auditors, and leadership to improve quality and reduce risk.
Validate security controls, configurations, and processes against best practices and compliance requirements.
Support development and maintenance of the Security Operations Management Plan (SOMP).
Ensure proper documentation and reporting of risks, findings, and corrective actions.
Provide recommendations for process improvements and risk reduction strategies.
