GRC / NIST RMF Specialist

About The Position

Requirements

• Deep understanding of NIST 800‑53, NIST RMF, and federal security baselines
• Experience preparing ATO packages and supporting federal accreditation processes
• Ability to translate compliance requirements into clear, actionable engineering tasks
• Strong writing and documentation skills for federal audiences
• Experience working with ISSOs, ISSEs, SCA teams, and federal program leadership
• Must reside in the NCR (DC/MD/VA)
• Secret clearance minimum; clearable candidates considered
• Operates with precision, structure, and clarity
• Understands both the technical and policy sides of federal cybersecurity
• Can guide teams through complex accreditation processes without friction
• Communicates confidently with auditors, assessors, and mission stakeholders
• Thrives in high‑trust, high‑impact advisory environments

Nice To Haves

• CISA
• CRISC
• CISM
• NIST RMF training (FedVTE or equivalent)
• ISO 27001 Lead Auditor is a meaningful differentiator, especially for commercial‑adjacent bids

Responsibilities

• Full lifecycle NIST RMF execution (Categorization → Continuous Monitoring)
• Development and refinement of SSPs, POA&Ms, SARs, and control evidence packages
• Security control assessments, gap analyses, and remediation planning
• Advisory support for ATO readiness, audit preparation, and stakeholder coordination
• Risk analysis and prioritization aligned to mission, system, and organizational impact
• Collaboration with engineering teams to ensure controls are implemented effectively
• Continuous monitoring strategy, reporting, and compliance sustainment