Security and Risk Strategy Lead

Windsor Mill, MD, 21224 (Remote)


RELI Group

RELI Group partners with federal agencies to deliver innovative solutions in digital transformation, health informatics, cybersecurity, and program integrity. Discover how we guide public organizations through every phase of their mission with...



Job Details

Job Location: Windsor Mill, MD
Remote Type: Fully Remote
Position Type: Full Time
Education Level: 4 Year Degree

Description

About Us:

At RELI Group, our work is grounded in purpose. We partner with government agencies to solve complex challenges, improve public health, strengthen national security, and make government services more effective and efficient. Our team of over 500 professionals brings deep expertise and a shared commitment to delivering meaningful outcomes. Behind every solution is a group of experts who care deeply about impact—whether we’re supporting data-driven decisions, modernizing systems or safeguarding critical programs.

Position Summary:

RELI Group is seeking an experienced Security and Risk Strategy Lead to support the execution of the Information Security and Privacy Services (ISPS) under the Marketplace System Security and Privacy Support Services (MSSPSS) contract for the Centers for Medicare & Medicaid Services (CMS), Center for Consumer Information and Insurance Oversight (CCIIO). This role is responsible for developing and operationalizing enterprise risk management (ERM) strategies, strengthening security and privacy governance, and enabling partner program integrity within ACA and NST mission systems. The position will directly support Task 7 and serve as the lead technical advisor on integrated risk frameworks, policy alignment, and strategic threat mitigation.

Responsibilities: 

  • Lead the development and enhancement of ACA/NST-specific Enterprise Risk Management (ERM) frameworks aligned to CMS enterprise risk and compliance standards
  • Operationalize integrated security and privacy strategies using NIST CSF, NIST PF, and NIST RMF, ensuring program-level alignment with CMS ARS and IS2P2 policy
  • Design and oversee program integrity efforts including BAM strategy development and partner monitoring processes
  • Provide expert guidance on aligning Marketplace security and privacy practices with emerging federal standards and executive mandates (e.g., OMB, CISA, FISMA)
  • Conduct threat modeling and develop recommendations to address risks associated with AI, automation, third-party entities, and evolving partner ecosystems
  • Work with GRC SMEs, Privacy Analysts, and BAM Specialists to ensure consistency in implementation across technical and governance tracks
  • Develop and socialize guidance documents, policy updates, control overlays, training modules, and audit materials
  • Monitor and interpret federal guidance to drive timely updates to partner agreements (EDE, ISA, CMA, IEA) and governance frameworks
  • Present to senior stakeholders and serve as a thought leader on CCIIO’s enterprise security and privacy risk strategy

Qualifications:

  • Bachelor’s degree in Cybersecurity, Information Assurance, Public Policy, or a related field
  • Minimum of 5 years’ experience in security strategy, risk management, threat modeling, and enterprise compliance within federal environments
  • Strong knowledge of NIST Cybersecurity and Privacy Frameworks, NIST RMF, and related standards (800-30, 800-37, 800-53)
  • Demonstrated experience supporting CMS, HHS, or similar federal health programs with risk and compliance responsibilities
  • Experience with developing and operationalizing ERM strategies, governance frameworks, and performance monitoring dashboards (e.g., BAM)
  • Proven ability to analyze emerging technologies and integrate their risks into strategic planning
  • Excellent written and verbal communication skills, with experience presenting to government stakeholders and senior leadership

Preferred Qualifications:

  • Direct experience supporting ACA or CMS Marketplace systems.
  • Familiarity with CMS Acceptable Risk Safeguards (ARS 5.0) and IS2P2.
  • Experience with BAM dashboards, governance metrics, and program integrity controls.
  • Exposure to Zero Trust Architecture and federal cyber strategy implementation.
  • CISSP, CRISC, or similar security certification.

EEO Employer:

RELI Group is an Equal Employment Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, national origin, ancestry, citizenship status, military status, protected veteran status, religion, creed, physical or mental disability, medical condition, marital status, sex, sexual orientation, gender, gender identity or expression, age, genetic information, or any other basis protected by law, ordinance, or regulation.

HUBZone:

We encourage all candidates who live in a HUBZone to apply. You can check to see if your address is located in a HUBZone by accessing the SBA HUBZone Map.

The annual salary range for this position is $180,000.00 to $220,000.00. Actual compensation will depend on a range of factors, including but not limited to the individual’s skills, experience, qualifications, certifications, location, other business and organizational needs, and applicable employment laws. The estimate displayed represents the typical salary range for this position and is just one component of the total compensation package for employees. RELI Group provides a variety of additional benefits to its employees.
