Cyber Security Risk Lead

Trilogy Federal provides financial management, information technology (IT) consulting, program management services, and strategic consulting to federal agencies. Trilogy has an extensive history helping federal clients achieve their most ambitious business modernization and optimization goals with the ability to deliver targeted subject matter expertise and full life cycle support.

Trilogy Federal is seeking a Cyber Security Risk Lead to support the Department of Veterans Affairs (VA). The ideal candidate will be a seasoned cybersecurity professional with expertise in risk management and compliance, excelling in a fast-paced, client-focused environment. This role requires a proactive, strategic leader to join our team, ensuring the security and integrity of VA corporate IT systems, including legacy applications and DevSecOps-driven initiatives. 

The selected Cyber Security Risk Lead must hold at least one of the following active certifications: CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or GIAC Security Leadership Certification (GSLC). This position will oversee cybersecurity risk assessments, mitigation strategies, and compliance efforts, aligning with VA’s Veteran-focused Integration Process (VIP) Lean-Agile framework and stringent federal security standards.

Please note this position is contingent upon award (Q2/Q3 2025), and may require occasional customer site visits in D.C.

Primary Responsibilities:

• Lead cybersecurity risk management for VA corporate IT systems, identifying, assessing, and prioritizing risks across legacy and DevSecOps environments (e.g., AWS, Azure). 
• Develop and implement risk mitigation strategies, ensuring compliance with VA security standards (e.g., FISMA, NIST 800-53, FIPS 140-2, HIPAA) and VA Handbook 6500. 
• Conduct regular security assessments, vulnerability scans, and penetration testing, collaborating with DevOps and Cloud Engineers to harden systems and CI/CD pipelines. 
• Oversee the integration of security controls (e.g., encryption, access management, monitoring) into development and deployment processes, aligning with Agile delivery cycles. 
• Serve as the primary point of contact for VA stakeholders, including the Information Security Officer (ISO) and Contracting Officer’s Representative (COR), on cybersecurity risk and compliance matters. 
• Utilize VA-approved tools (e.g., Jira, GitHub, ServiceNow) to document risk assessments, track remediation efforts, and contribute to Biweekly Status Reports on security posture and incidents. 
• Ensure alignment with the VIP Lean-Agile framework by embedding security practices into Agile ceremonies (e.g., sprint planning, retrospectives) and supporting incremental delivery. 
• Coordinate with Solution Leads and Data Architects to secure data migrations, cloud deployments, and enterprise asset management systems (e.g., IBM Maximo). 
• Monitor emerging threats and regulatory changes, advising on the adoption of technologies like AI-driven security analytics to enhance VA OIT’s cybersecurity resilience. 
• Mentor team members on cybersecurity best practices, risk management frameworks, and federal compliance, contributing to Trilogy’s staff development and technical excellence initiatives. 
• Manage incident response planning and execution, ensuring rapid resolution of security breaches and minimal impact on VA operations. 
• Drive exceptional customer satisfaction by delivering proactive, Veteran-centric cybersecurity solutions that safeguard VA systems and data. 

Minimum Requirements:

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field. 
• One of the following certifications required: CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or GIAC Security Leadership Certification (GSLC). 
• 8+ years of experience in cybersecurity, risk management, or a related leadership role, with a focus on federal or VA IT environments. 
• Proven expertise in risk assessment, security compliance, and mitigation strategies, with hands-on experience using tools like Nessus, Qualys, Splunk, or Tenable. 
• Strong leadership and analytical skills, with the ability to manage complex security challenges in a dynamic, fast-paced environment. 
• Familiarity with VA security standards (e.g., FISMA, NIST, HIPAA) and the VIP Lean-Agile framework is highly desirable. 
• Proficiency in MS Office Applications (Word, Excel, PowerPoint, Visio, SharePoint) and VA-approved tools (e.g., Jira, GitHub, ServiceNow). 
• Ability to adapt to evolving security threats and travel occasionally to VA sites in Washington, D.C., as needed. 
• Ability to obtain a Public Trust Clearance

Preferred Qualifications:

• Master’s preferred
• Additional certifications such as CEH (Certified Ethical Hacker) or CRISC (Certified in Risk and Information Systems Control) preferred.

Benefits (including but not limited to):

• Health, dental, and vision plans
• Optional FSA
• Paid parental leave
• Safe Harbor 401(k) with employer contributions 100% vested from day 1
• Paid time off and 11 paid holidays
• No cost group term life/AD&D plan, and optional supplemental coverage
• Pet insurance
• Monthly phone and internet stipend
• Tuition and training reimbursement

Regarding remote positions, Trilogy Federal is able to offer virtual employment in the following states: Colorado, Connecticut, D.C., Florida, Georgia, Illinois, Maryland, New York, South Carolina, Texas, and Virginia.

Trilogy Federal is an Equal Employment Opportunity employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.