Cybersecurity Assessment and Authorization (A&A) Subject Matter Expert (SME)
About The Position
Enterprise Horizon Consulting Group (EHCG) is seeking a highly skilled Cybersecurity Assessment and Authorization (A&A) Subject Matter Expert (SME) to support the full lifecycle of cybersecurity authorization activities for complex information systems. This role requires deep expertise in the DoD Risk Management Framework (RMF), NIST security controls, and the assessment and authorization of large, diverse IT environments. The SME will guide systems through the RMF process, evaluate vulnerabilities, determine severity and mission impact, and brief senior leadership on authorization status and risk posture. This position demands strong analytical skills, expert knowledge of cybersecurity policy, and the ability to apply NIST 800‑53 controls across varied infrastructures.
Requirements
- Must have an active Secret clearance.
- Minimum five (5) years of relevant Risk Management Framework (RMF) and NIST Assessment & Authorization (A&A) experience.
- DoD cybersecurity experience supporting enterprise‑level systems.
- Demonstrated experience assessing security controls and conducting authorization reviews for large, complex organizations.
- Strong understanding of DoD cybersecurity policies, procedures, and the DoD authorization process.
- Knowledge of cybersecurity considerations for emerging technologies, including Cloud, ICS, OT, and related systems.
Responsibilities
- Serve as the cybersecurity SME for all Assessment and Authorization (A&A) activities, ensuring compliance with DoD and NIST requirements.
- Perform RMF activities for systems undergoing authorization, including control assessment, documentation review, and risk analysis.
- Apply expert understanding of NIST SP 800‑53 security controls and their relevance to large, complex IT infrastructures composed of multiple enclaves, applications, and outsourced services.
- Identify vulnerabilities, determine severity levels, and assess potential impacts on system authorization status.
- Conduct comprehensive authorization reviews for enterprise‑level systems and environments.
- Brief senior leadership on RMF progress, findings, risks, and recommended courses of action.
- Support the development, implementation, and refinement of cybersecurity policies, procedures, and processes aligned with DoD requirements.
- Apply cybersecurity expertise to emerging technologies, including cloud services, Industrial Control Systems (ICS), warehouse execution systems, and Operational Technology (OT).
- Evaluate and apply cybersecurity controls for modern computing environments such as hybrid cloud, edge computing, and IoT‑related architectures.
Benefits
- Medical, Dental, & Vision
- Life Insurance, Short-term Disability, Long-term Disability
- SIMPLE IRA with Company Match
- Federal Holidays
- Vacation & Sick Leave
- $500 Referral Bonus
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
Education Level
No Education Listed
