HUD - Quality Manager / Risk Assessor in Washington, District of Columbia at cFocus Software Incorporated

cFocus Software seeks a Quality Manager / Risk Assessor to join our program supporting Housing and Urban Development (HUD). This position is remote. This position requires a Public Trust clearance.
Qualifications:

• Bachelor’s degree in Cybersecurity, Information Technology, Risk Management, or related field.
• 7+ years of experience in cybersecurity, risk assessment, or quality assurance roles.
• Experience supporting federal environments and compliance frameworks (NIST, FISMA, RMF).
• Strong understanding of SOC operations, security controls, and risk management processes.

Duties:

• Develop, implement, and maintain Quality Assurance (QA) and Quality Control (QC) processes for SOC operations.
• Establish and manage risk assessment methodologies aligned with NIST Risk Management Framework (RMF).
• Identify, analyze, and mitigate cybersecurity risks across systems, cloud environments, and SOC operations.
• Maintain and manage risk registers, POA&Ms (Plans of Action & Milestones), and remediation tracking.
• Ensure compliance with federal standards including NIST SP 800-53, FISMA, CISA directives, and OMB mandates.
• Conduct continuous monitoring and risk assessments of security controls and operational processes.
• Support audit readiness, audit response, and compliance reporting activities.
• Perform internal quality reviews and validation of SOC processes, tools, and deliverables.
• Develop and track Key Performance Indicators (KPIs) and quality metrics for SOC performance.
• Lead root cause analysis for incidents, deficiencies, and audit findings.
• Coordinate with SOC teams, engineers, auditors, and leadership to improve quality and reduce risk.
• Validate security controls, configurations, and processes against best practices and compliance requirements.
• Support development and maintenance of the Security Operations Management Plan (SOMP).
• Ensure proper documentation and reporting of risks, findings, and corrective actions.
• Provide recommendations for process improvements and risk reduction strategies.