Cleared On Site Chief Security Architect for Governance, Risk and Compliance (5030)

Law Enforcement Agency OCIO's organization is moving to Information Systems Security as a Service and requires a Chief Security Architect to serve as the program’s principal technical authority, providing strategic risk advisory to OCIO leadership, Authorizing Officials, and ISSO(E)(M)s while overseeing the security posture of 600+ information systems across all classification levels. This position will be on site in Washington, DC and requires a Top-Secret Clearance.

The Chief Security Architect serves as the program’s principal technical authority, providing strategic risk advisory to OCIO leadership, Authorizing Officials, and ISSO(E)(M)s while overseeing the security posture of 600+ information systems across all classification levels.

This role translates the Customer's security vision into actionable technical guidance, validates the system categorization methodology, reviews high-risk change requests, and enables innovation through evaluation of emerging technologies (AI/ML, zero trust, cloud-native security) within the Customer's governance constraints. The Chief Security Architect leads early lifecycle security advisory to embed security in system design rather than retrofit, resolves complex technical disputes between implementation and assessment teams, and drives enterprise-wide security architecture patterns that enable consistent, defensible authorization decisions. This strategic position elevates ISaaS from tactical compliance execution to mission-enabling security partnership, ensuring the Customer maintains robust cybersecurity posture while adopting cutting-edge capabilities to counter evolving threats. The role requires balancing deep technical expertise with executive communication skills, translating complex security risks into business impacts and strategic recommendations for senior Customer leadership.

• Bachelors Degree

• 10+ years of experience

• Deep expertise with NIST implementation at scale, 800-53 controls and assessment procedures

• FISMA and Intelligence Community security frameworks

• Proven ability to design security architectures for diverse environments (on-prem, cloud, hybrid, air-gapped)

• Cloud security architecture

• AWS/Azure security services, configurations, best practices

• FedRAMP authorization process and cloud control inheritance
Some knowledge of IaC / DevSecOps principles (not sure this is a must)

• Cloud-native security patterns: ZTA, container security, serverless, etc.,

• Governance, Risk, and Compliance (must have, top skill, after the architecture/cloud)
Track record at providing technical risk assessments and recommendations
Articulate residual risk in business terms, enabling informed risk acceptance by non-technical executives

• Experience with conditional ATO strategies and balancing operational urgency with security requirements

• Experience leading or overseeing independent security assessments for diverse system types
Ability to validate assessment quality and consistency across multiple assessor teams

• Strategic and Leadership Skills (must have)

• Executive Communication – demonstrated ability to brief C-level executives and senior gov officials on complex security processes
Skill in translating technical vulnerabilities into business risk and strategic recommendations

• Experience in developing security strategies, roadmaps, and business cases for executive approval (at least serve as an advisor for these)
Proven ability to build trust and credibility with diverse stakeholders, system owners, developers, operations trams, auditors

• One of the following certifications -AWS Cloud Solutions Architect (Professional), CISSP-ISSEP

• Active TS clearance with SCI Eligibility

Preferred Skills:

• NSS and Intelligence Community Experience (nice to have)

• IC-specific security requirements (ICD 503 for cloud, ICD 705 for SCI, etc.,)

• Cross-domain solutions (CDS) and high-side/low-side data transfer security

• Audit and Compliance (nice to have, more important that they were independent audits)

• Experience in supporting FISMA audits, DOJ inspector general reviews, GAO assessments

• Understanding of OMB, DOJ, and IC Cybersecurity reporting requirements and metrics

• Ability to translate audit findings into actionable remediation paths and process improvements

Application Deadline 4-27-2026

LI-SA1

The SMX salary determination process takes into account a number of factors, including but not limited to, geographic location, Federal Government contract labor categories, relevant prior work experience, specific skills, education and certifications. At SMX, one of our Core Values is to Invest in Our People so we offer a competitive mix of compensation, learning & development opportunities, and benefits. Some key components of our robust benefits include health insurance, paid leave, and retirement.

The proposed salary for this position is:
$137,600—$231,200 USD

At SMX®, we are a team of technical and domain experts dedicated to enabling your mission. From priority national security initiatives for the DoD to highly assured and compliant solutions for healthcare, we understand that digital transformation is key to your future success.

We share your vision for the future and strive to accelerate your impact on the world. We bring both cutting edge technology and an expansive view of what’s possible to every engagement. Our delivery model and unique approaches harness our deep technical and domain knowledge, providing forward-looking insights and practical solutions to power secure mission acceleration.

SMX is an Equal Opportunity employer including disabilities and veterans.

Selected applicant may be subject to a background investigation and/or education verification.

SMX does not sponsor a new applicant for employment authorization or immigration related support for this position (i.e. H1B, F-1 OPT, F-1 STEM OPT, F-1 CPT, J-1, TN, E-2, E-3, L-1 and O-1, or any EADs or other forms of work authorization that require immigration support from an employer).