Enterprise Security Risk & Compliance Reviewer
Location: Remote
Required Clearance: Public Trust
Since 1999, ITEC has delivered mission-critical support to the DoD and Intelligence Community. Now part of ManpowerGroup Public Sector (MGPS), we continue that work with expanded capabilities. Employees hired through this process will join MGPS and receive a comprehensive benefits package and competitive pay.
Job Description:
We are seeking an Enterprise Security Risk & Compliance Reviewer who evaluates system architectures, integrations, and proposed changes to identify security risks, design weaknesses, and deviations from enterprise security patterns. The role partners closely with architects and engineering teams to validate threat considerations and recommend adjustments that strengthen system security and reduce enterprise risk. It also documents findings and tracks recurring issues to inform improvements to enterprise patterns and security-by-design practices.
Job Responsibilities:
- Analyze system designs, integrations, and deployment models to identify structural security risks, such as weak trust boundaries, insecure data pathways, insufficient segmentation, or architectural decisions that elevate attack surface.
- Evaluate proposed changes or new features to determine how they impact the system’s security posture, focusing on architectural drift, pattern deviations, and design weaknesses that could introduce mission or enterprise risk.
- Provide feedback to program teams on required adjustments to strengthen security design, close risk gaps, and ensure alignment with enterprise-approved patterns and guardrails.
- Document identified risks and misalignments to support informed decision-making by system owners, Security Architecture, and leadership.
- Engage with system architects, engineering leads, and platform owners to validate threat considerations (e.g., identity trust chains, data ingress/egress, cloud service misuse scenarios, AI-assisted workflows) and confirm that systems are resilient against known and emerging attack patterns.
- Track recurring architectural weaknesses across reviews to inform updates to enterprise patterns, reusable architecture guidance, and security-by-design practices.
Required Skills:
- Ability to perform structured security reviews of new or updated systems against enterprise architecture patterns and standards.
- Understanding of security control baselines (NIST SP 800-53, FedRAMP Moderate/High) and how to validate control implementation.
- Ability to identify security gaps, misconfigurations, and deviations from required patterns (e.g., identity, logging, encryption, boundary controls).
- Ability to interpret architectural patterns and determine whether an implementation meets required security design expectations.
- Comfort reviewing system diagrams, data flows, and integration patterns for risk implications.
- Skill in identifying and articulating risks introduced by system changes (configuration, integration, data handling, cloud services).
- Experience performing qualitative risk analysis (likelihood, impact, residual risk).
- Ability to document findings in clear, non-ambiguous language, including:
  - Issue description
  - Relevant standard/pattern violated
  - Risk statement
  - Recommended mitigation
- Able to work across Security Architecture, Cyber Risk, SecEng, and IT program delivery teams.
Education Level:
Bachelor’s Degree