About the position
Aretum is seeking a Cybersecurity Risk Assessment Engagement Manager (Project Manager) to lead and deliver cybersecurity and IT risk assessment engagements for federal clients. This role is responsible for end-to-end project execution—scope, schedule, staffing, deliverables, and client communications—while also providing hands-on leadership and technical direction for assessing government systems, identifying vulnerabilities, and improving security posture.
Due to the nature of our work as a federal consulting organization, employees may be expected to handle Controlled Unclassified Information (CUI) and must adhere to applicable safeguarding and compliance requirements.
Responsibilities
• Lead end-to-end delivery of cybersecurity/IT risk assessment engagements, managing scope, schedule, resources, risks, and deliverables
• Serve as the primary client point of contact; provide clear status updates, briefings, and issue resolution to keep stakeholders aligned
• Direct assessment activities to evaluate government systems and networks, identify vulnerabilities, and document findings and recommendations
• Oversee A&A/RMF support and author/review required security documentation (as applicable), ensuring completeness and audit readiness
• Manage POA&M development and remediation tracking, including evidence-based closure support and continuous monitoring reporting
• Coordinate cross-functional teams (security, engineering, operations) to execute assessment plans and maintain quality standards across deliverables
• Advise technical and non-technical stakeholders on security risks, control implementation, and practical mitigation strategies
• Stay current on federal cybersecurity guidance and requirements and communicate impacts to the team and client
• Support proposal efforts and other program needs as required in a federal consulting environment
Requirements
• Minimum 5 years of experience managing cybersecurity or IT risk assessment projects (project/engagement leadership, delivery management, and client-facing communications)
• 5+ years of technical experience in Cybersecurity
• 5+ years of experience with Federal Assessment and Authorization (A&A) and maintaining IT security policies/processes/guidance
• Demonstrated experience in project management, network design concepts, and testing the security of government systems to identify vulnerabilities (including coordinating assessment execution and reporting)
• 3+ years in a leadership role supporting a Federal Government Agency (or comparable federal client-facing leadership)
• Experience applying NIST Cybersecurity Framework; FedRAMP experience preferred/beneficial
• Experience developing/managing continuous monitoring and POA&Ms
• Strong written/verbal communication skills, attention to detail, and ability to advise varied audiences
• Public Trust Eligibility Required
• U.S. Work Authorization
Nice-to-haves
• Bachelor's degree in Information Systems, Computer Science, or related field
• GIAC Web Application Penetration Tester (GWAPT)
• Certified Ethical Hacker (CEH)
• GIAC Systems and Network Auditor (GSNA)
• Certified Penetration Tester (CPT)
• Certified Expert Penetration Tester (CEPT)
• GIAC Certified Web Application Defender (GWEB)
• Offensive Security Certified Professional (OSCP)
• CREST Penetration Testing Certifications
Benefits
• Health Care Plan (Medical, Dental & Vision)
• Retirement Plan (401k)
• Life Insurance (Basic, Voluntary & AD&D)
• Paid Time Off
• Family Leave (Maternity, Paternity)
• Short-Term & Long-Term Disability
• Training & Development