[Contingent] Lead Cybersecurity Compliance Manager (ATO SME)

Phia LLC, Fairfax, VA, US
Hybrid

About The Position

This position is in support of a current government proposal and is contingent upon contract award to phia, LLC. Phia is seeking an experienced Lead ATO Subject Matter Expert to serve as the primary technical lead for Risk Management Framework (RMF) and Authorization to Operate (ATO) activities in support of a federal client's information technology security program. The role involves leading the full RMF lifecycle across multiple federal information systems, driving security authorization packages to ATO, and coordinating ISSO, SCA, and system owner teams to protect mission-critical IT infrastructure across various environments including on-premises, cloud, hybrid, and air-gapped.

Requirements

  • Experience leading federal information systems through the complete NIST SP 800-37 lifecycle to ATO.
  • Proficiency in producing SSPP, SAR, POA&M, RTM, and authorization package documentation that is accurate, complete, and AO-ready.
  • Understanding of the Privacy Act of 1974, OMB Circular A-130, and E-Government Act Section 208 requirements, and the ability to coordinate IPA/PIA processes with privacy officials.
  • Ability to direct cross-functional teams of ISSOs, SCAs, and system owners, keeping everyone aligned on authorization timelines and accountable for their deliverables.
  • Ability to translate complex security posture findings into clear risk briefings for senior government officials and executive stakeholders.
  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field.
  • 10+ years of IT project management experience in both Waterfall and Agile environments.
  • 10+ years performing systems security assessments, preparing A&A documentation, and achieving security authorizations for federal information systems, including classified systems.
  • 10+ years of experience with federal IT security regulations and standards.
  • Minimum of two (2) of the following certifications: CISA (ISACA), CRISC (ISACA), CISM (ISACA), CGEIT (ISACA), CISSP (ISC²), CAP/CGRC (ISC²).
  • Active TOP SECRET clearance required.
  • Must be a U.S. citizen.

Nice To Haves

  • Prior experience supporting federal agency ATO programs
  • Experience with authorization management platforms used in federal environments (e.g., JCAM)
  • Experience with classified system (Secret, Top Secret) ATO packages
  • Experience developing Privacy Risk Certification Memos and coordinating with Senior Component Officials for Privacy (SCOP)
  • Familiarity with automated asset discovery and continuous scanning tools for system boundary definition
  • Experience supporting both on-premises and FedRAMP cloud authorization packages

Responsibilities

  • Lead all phases of the NIST SP 800-37 Rev. 2 RMF lifecycle: Prepare, Categorize, Select, Implement, Assess, Authorize, and Monitor, across a range of federal information system types.
  • Develop, manage, and maintain ATO packages including System Security and Privacy Plans (SSPP), Security Assessment Reports (SAR), Plans of Action and Milestones (POA&M), Requirements Traceability Matrices (RTM), Residual Risk Reports, and Threat Matrix Reports.
  • Provide technical direction to ISSO and Security Control Assessor (SCA) teams; ensure proper role separation and independence requirements are maintained across assessment and authorization activities.
  • Conduct system-level risk assessments and brief senior government officials on security posture, residual risks, and recommended risk responses.
  • Lead the selection, tailoring, and allocation of NIST SP 800-53 Rev. 5 security and privacy controls in accordance with applicable federal cybersecurity standards; generate Requirements Traceability Matrices.
  • Develop and maintain Information Security Continuous Monitoring (ISCM) plans to supplement agency-level monitoring strategies at the system level.
  • Coordinate privacy documentation, including Initial Privacy Assessments (IPA), Privacy Impact Assessments (PIA), and Systems of Records Notices (SORN), for systems processing Personally Identifiable Information (PII).
  • Manage MOU and Interconnection Security Agreement (ISA) development for system interconnections; ensure interconnection documentation is included in final A&A packages.
  • Support annual FISMA and FISCAM audits: prepare documentation and respond to auditor requests.
  • Manage scope, schedule, and resource allocation for RMF engagements; provide regular program status reporting.

Benefits

  • Medical Insurance
  • Dental Insurance
  • Vision Insurance
  • Life Insurance
  • Short Term & Long Term Disability
  • 401k Retirement Savings Plan with Company Match
  • Paid Holidays
  • Paid Time Off (PTO)
  • Tuition and Professional Development Assistance