This job has expired

This job posting is no longer active and is not accepting applications.

Posted 3w ago

Risk, Compliance, and Quality Assurance Specialist – Identity & Access Management Modernization

@ RedMatter Solutions
Washington, District of Columbia, United States
$120k-$150k/yr, Onsite, Full Time
Responsibilities: Ensure compliance, Conduct risk assessment, Collaborate with stakeholders
Requirements Summary: 7+ years in risk/compliance/QA within cybersecurity or ICAM; federal IT systems experience; ATO/risk assessment/audit support; IAM concepts; cloud-based identity environments; certifications (optional).
Technical Tools Mentioned: Splunk, Identity and Access Management (IAM), Zero Trust, NIST SP 800-63, FICAM
Job Description

Position Overview

We are seeking a Risk, Compliance, and Quality Assurance Specialist to support a large-scale Identity, Credential, and Access Management (ICAM) modernization initiative for a federal customer. This role is responsible for ensuring that modernized identity services and platforms comply with applicable security standards, regulatory requirements, and organizational policies while maintaining high-quality, consistent, and auditable delivery. The specialist will ensure that new capabilities are compliant, secure, and aligned with federal Zero Trust and identity governance objectives.

Requirements

Key Responsibilities


Risk & Compliance

  • Ensure modern ICAM solutions comply with federal standards and frameworks (e.g., NIST SP 800-63, FICAM, OMB M-22-09, Zero Trust Architecture guidance) 
  • Conduct risk assessments across modern identity platforms, authentication mechanisms, and access controls 
  • Identify, document, and track security and compliance risks within the modernized environment; maintain and support the program Risk Register 
  • Support ATO processes for modern systems, including control validation, documentation, and audit readiness 
  • Evaluate integrations with external identity providers (e.g., login.gov, ID.me, external Entra tenants) for compliance and security risks

Quality Assurance & Testing Oversight

  • Establish and enforce QA standards for modern ICAM implementations, including identity lifecycle, federation, and PAM solutions 
  • Validate that testing processes (functional, security, integration) meet program and federal requirements 
  • Review releases and enhancements to ensure compliance with established quality benchmarks 
  • Collaborate with engineering teams to ensure consistent, reliable identity service delivery in the modernized architecture

Governance & Policy Alignment

  • Develop and maintain compliance documentation, SOPs, and audit artifacts for the modern ICAM environment 
  • Ensure alignment with identity governance policies, including RBAC/ABAC/PBAC models and least privilege principles 
  • Support continuous monitoring efforts, including integration with SIEM tools (e.g., Splunk) 
  • Provide guidance on policy enforcement across cloud-native and modern identity services

Stakeholder Engagement

  • Work closely with program leadership, security teams, and system owners to ensure compliance and quality objectives are met 
  • Support audits, inspections, and reporting activities with federal stakeholders 
  • Provide recommendations to improve risk posture and operational maturity of the modernized ICAM solution


Required Qualifications

  • 7+ years of experience in risk management, compliance, or quality assurance within cybersecurity or ICAM environments 
  • Experience supporting federal IT systems and compliance frameworks 
  • Demonstrated experience with ATO processes, risk assessments, and audit support 
  • Strong understanding of identity and access management concepts, including authentication, authorization, federation, and privileged access 
  • Experience working in cloud-based and modern identity environments 

Required Certification (one of the following):

  • Certified Information Privacy Professional/Government (CIPP/G) 
  • Certified Information Systems Auditor (CISA) 
  • Certified in Risk and Information Systems Control (CRISC) 
  • Certified Information Systems Security Professional (CISSP)

Preferred Qualifications

  • Experience supporting ICAM modernization or Zero Trust initiatives 
  • Familiarity with FICAM architecture and federal identity mandates 
  • Experience with identity governance, lifecycle management, and access certification processes 
  • Knowledge of continuous diagnostics and monitoring (CDM) and SIEM integration 
  • Strong analytical, documentation, and communication skills