Full-time

Risk, Compliance, and Quality Assurance Specialist / SME

Posted on 13 May 26 by Christi Saia

  • Washington, DC
  • $120000 - $150000 per Year

Job Description

We are hiring for a Risk, Compliance, and Quality Assurance Specialist / SME in Washington, DC.

Required Qualifications

  • Public Trust Clearance will be required prior to supporting the engagement.
  • Bachelor’s degree or higher in Computer Science, Information Systems, Cybersecurity, or a related field.
  • 8–12 years of demonstrated experience in ICAM, cybersecurity, or enterprise architecture.
  • Relevant certifications aligned with the PWS for specialized policy, compliance, or risk roles, such as CIPP/G, CISA, CRISC, or CISSP.
  • Demonstrated experience in risk management, compliance, quality assurance, cybersecurity, or ICAM/IAM in complex enterprise or government environments.
  • Experience developing or supporting compliance and assurance artifacts such as security plans, risk registers, vulnerability reports, compliance assessments, testing plans, and audit documentation.
  • Experience supporting structured testing disciplines, including QA, UAT, defect management, remediation validation, and stakeholder sign-off processes.
  • Experience working with security and compliance processes in cloud-based and enterprise-integrated environments, which the PWS highlights as core staffing expectations across the BPA lifecycle.
  • Ability to coordinate effectively with architects, engineers, program leadership, stakeholders, testers, and support personnel to enforce quality and compliance standards across the program lifecycle.

Preferred Qualifications

  • Experience supporting federal, [client], or other highly regulated environments with formal review, approval, and audit expectations.
  • Experience supporting ATO readiness, security hardening, vulnerability management, and control validation in enterprise modernization programs.
  • Familiarity with compliance integration into SIEM, incident reporting, logging validation, and configuration management controls.
  • Experience with ICAM platforms such as Okta, SailPoint, and Microsoft Entra ID and the risks and control considerations associated with identity lifecycle, federation, and access governance.

Key Responsibilities

  • Ensure the ICAM solution complies with applicable security, policy, privacy, legal, and [client] requirements throughout design, implementation, deployment, and operations, consistent with the PWS definition of the role
  • Establish and maintain the Security and Compliance Framework, including authentication, authorization, identity management, access control, compliance mapping to requirements, data protection and encryption standards, and security logging and monitoring expectations
  • Assess solution configurations, architecture decisions, workflows, and operational processes for compliance with [client] standards and documented call order requirements, including RTM and use case alignment
  • Support preparation of security and compliance artifacts such as the Information System Security Plan, Security Compliance Report, Vulnerability & Risk Report, and supporting remediation documentation required for review and approval
  • Assist the program in obtaining or supporting Authority to Operate (ATO) activities by validating controls, documenting gaps, identifying mitigation strategies, and supporting security review processes during MVP and full deployment phases
  • Define and enforce quality assurance processes, test governance, and acceptance criteria for solution delivery, ensuring traceability between requirements, design, test cases, results, and defect remediation
  • Develop, review, or oversee QA testing plans, test cases, expected results, actual results, and explanations of failed cases, and ensure testing is sufficiently documented for Government review
  • Support and coordinate User Acceptance Testing (UAT) with stakeholder teams, including validation of test readiness, documentation of outcomes, stakeholder approvals, and management of failed or incomplete results
  • Monitor and report vulnerabilities, open findings, accepted risks, waivers, mitigation timelines, and re-evaluation requirements, ensuring closure of critical, high, and medium findings and reasonable disposition of low-risk issues
  • Support vulnerability assessments, security hardening, failover and disaster recovery testing, audit logging validation, and compliance integration with SIEM and related monitoring capabilities
  • Review configuration changes, operational procedures, logs, alerts, incident reporting, and remediation actions to ensure the deployed solution remains compliant post-implementation
  • Contribute to O&M support by assisting with periodic compliance reviews, audits, documentation maintenance, and ongoing risk monitoring after go-live
  • Support training, handover, and transition activities by documenting compliance controls, testing practices, quality expectations, and operational governance needed for long-term sustainment

Job Information

Rate / Salary

$120000 - $150000 per Year

Sector

Not Specified

Category

Not Specified

Skills / Experience

Not Specified

Benefits

Not Specified

Our Reference

JOB-5739

Job Location