Job Description

This position is contingent upon award of contract

SOSi is seeking a highly qualified Risk Mitigation Specialist to support an Intelligence government customer. The Risk Mitigation Specialist supports the planning, implementation, and oversight of risk management activities associated with Foreign Ownership, Control, or Influence (FOCI) across the customer's business processes and systems. This position conducts risk assessments, internal control testing, corrective action plan development and execution, and continuous risk monitoring in accordance with DoD Risk Management Internal Control (RMIC) policy. The specialist curates and maintains risk management data in support of Intel governance, leveraging ServiceNow Integrated Risk Management (IRM) and Strategic Portfolio Management (SPM) applications, and applies DoD and DCSA FOCI policies to ensure compliance with emplaced mitigation plans. The Risk Mitigation Specialist also prepares detailed correspondence on FOCI matters, supports audit and assurance reporting, and conducts stakeholder outreach and engagement.

Essential Job Duties

• Perform risk assessments on business processes and systems supporting the integrated development and execution of FOCI management strategies.
• Conduct internal control testing and document results in accordance with DoD RMIC policy, including DoD Instruction 5010.40, the annual DoD Statement of Assurance handbook, the Chairman’s risk assessment process, and related audit requirements.
• Develop, document, and execute corrective action plans to remediate identified control weaknesses, and track remediation status through closure.
• Continuously curate, analyze, and maintain risk management–related data in support of Intel governance, leveraging ServiceNow Integrated Risk Management (IRM) and Strategic Portfolio Management (SPM) software applications.
• Help coordinate multiple risk and assurance reports, including the annual Statement of Assurance and other DIA and DoD governance reporting requirements.
• Apply broad DoD policy and DCSA direction for the FOCI program by monitoring performance reports, workload/utilization metrics, and other statistical documentation to ensure compliance with FOCI policies and emplaced mitigation plans.
• Perform oversight and monitoring functions related to emplaced FOCI mitigation measures, including the collection, validation, and maintenance of legal business entities’ security data.
• Identify emerging FOCI risks, trends, and vulnerabilities, and recommend updates to mitigation plans, controls, or processes.
• Prepare clear, detailed written correspondence, briefings, and reports on FOCI matters for senior leadership, oversight bodies, and external stakeholders.
• Conduct outreach engagements, training, and coordination with internal and external stakeholders to reinforce FOCI awareness, compliance expectations, and risk mitigation best practices.
• Support audit readiness and audit response activities by providing documentation, evidence, and subject matter input related to FOCI risk management and internal controls.

Qualifications

• Active DoD security clearance (at the level required by the contract, typically Secret or TS/SCI) or the ability to obtain and maintain one.
• Bachelor’s degree in Business, Finance, Accounting, Risk Management, Security Studies, International Relations, or a related field.
• Minimum of 5 years of experience in risk management, internal controls, compliance, audit, security, or related functions within the DoD, Intelligence Community, or federal sector.
• Demonstrated experience conducting risk assessments, internal control testing, and corrective action plan development and tracking.
• Familiarity with DoD RMIC policy and guidance, including DoD Instruction 5010.40 and the DoD Statement of Assurance process.
• Experience working with, or supporting, FOCI-related programs, national security, industrial security, or related regulatory frameworks.
• Ability to analyze quantitative and qualitative data, prepare risk reports, and present findings and recommendations clearly to leadership.
• Strong written and verbal communication skills, including the ability to draft detailed correspondence and formal documentation.
• Proficiency with common office productivity tools (e.g., Microsoft Excel, Word, PowerPoint) and comfort working with enterprise systems or GRC/IRM tools.

Preferred Qualifications

• Master’s degree in Business Administration, Public Policy, Security Studies, Risk Management, or a related discipline.
• Direct experience supporting the intel community, DCSA, or other Defense Intelligence Enterprise organizations.
• Hands-on experience with ServiceNow Integrated Risk Management (IRM), Governance Risk and Compliance (GRC), or Strategic Portfolio Management (SPM) modules.
• In-depth knowledge of FOCI concepts, NISPOM/industrial security requirements, and DCSA FOCI mitigation instruments (e.g., SSA, SCA, Proxy, Voting Trust).
• Experience supporting or leading the preparation of the annual Statement of Assurance or similar enterprise assurance products.
• Professional certifications in risk, audit, or security (e.g., CRISC, CISA, CIA, CGAP, CISSP, CPP, or similar).
• Demonstrated experience supporting audit readiness, audit response, and remediation activities in a DoD or IC environment.
• Experience developing and delivering outreach, training, or briefings on risk management, FOCI, or internal control topics to diverse stakeholder groups.

Additional Information

Working Conditions

• Normal office conditions.
• The primary performance location for this contract will be Washington, D.C.
• The Government reserves the right to require contract performance at alternate locations, as dictated by mission requirements; these locations may be subject to change.
• Occasional travel may be required to support global engagement activities and coordination efforts.

Working at SOSi

All interested individuals will receive consideration and will not be discriminated against for any reason.