Risk Management Framework (RMF) Lead
About The Position
We are seeking a highly skilled and innovative Risk Management Framework (RMF) Lead to join our team in the greater DMV area, supporting the Army National Guard. Responsibilities Guide enterprise RMF implementation: develop RMF plans, concepts of operations, authorization strategies, and organization‑wide risk management approaches. Coordinate selection, implementation, assessment, and continuous monitoring of security controls across system lifecycles and integrate RMF activities with eMASS workflows. Lead and conduct RMF assessments and authorization activities with Government leads; prepare quarterly RMF status updates and assessment reports. Advise leadership on risk tolerance, residual risk, mitigation options, and authorization decisions; translate RMF findings into actionable remediation roadmaps and POA&Ms. Align RMF documentation with cybersecurity artifacts (SSP, SAR, SCA evidence) to present a coherent enterprise risk picture and support accreditation. Establish RMF governance processes, control validation practices, evidence collection standards, and automation opportunities to improve repeatability and audit readiness. Coordinate cross‑functional stakeholders (engineering, ISSM/ISSO, CIRT, ops, acquisition) to validate controls, verify mitigations, and close authorization actions. Produce decision‑grade briefings, RMF metrics/dashboards, and executive summaries for program and senior leadership. #ENOCS
Requirements
- 5 years with BS/BA; 3 years with MS/MA; 0 years with PhD
- Clearance: Active TS/SCI clearance.
- Candidate must meet ONE of the following: Master’s degree or Ph.D. in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, Software Engineering, or a related field; OR Relevant DoD/military training (examples: 4C‑FA26A; M09CHN1; A‑531‑0009; Information Systems Security Manager (Advanced) Playlist); OR Relevant professional certification or equivalent experience (examples: CISM; CISSP; CISSP‑ISSMP; FITSP‑M; GCIA; GCIH; GICSP; GSLC).
- Cybersecurity, RMF, or systems authorization experience with experience leading RMF/ATO efforts in DoD or large enterprise environments.
- Deep knowledge of NIST SP 800‑53/800‑37, RMF control families, eMASS workflows, evidence collection, and POA&M management.
- Proven ability to lead assessments, adjudicate control findings, produce SSP/SAR artifacts, and brief senior leadership on authorization decisions and risk posture.
- Strong stakeholder coordination skills to drive remediation, validate mitigations, and integrate RMF into development and operations lifecycles.
- Experience implementing RMF automation, dashboards, and process improvements to increase audit readiness and reduce authorization timeframes.
Nice To Haves
- Prior DoD/ARNG RMF lead or ISSM/ISSO leadership experience.
- Familiarity with cloud authorization patterns, continuous monitoring tooling, and integrating RMF into DevSecOps pipelines.
- Advanced certifications (CISM, CISSP, GICSP) and experience with enterprise accreditation programs.
Responsibilities
- Guide enterprise RMF implementation: develop RMF plans, concepts of operations, authorization strategies, and organization‑wide risk management approaches.
- Coordinate selection, implementation, assessment, and continuous monitoring of security controls across system lifecycles and integrate RMF activities with eMASS workflows.
- Lead and conduct RMF assessments and authorization activities with Government leads; prepare quarterly RMF status updates and assessment reports.
- Advise leadership on risk tolerance, residual risk, mitigation options, and authorization decisions; translate RMF findings into actionable remediation roadmaps and POA&Ms.
- Align RMF documentation with cybersecurity artifacts (SSP, SAR, SCA evidence) to present a coherent enterprise risk picture and support accreditation.
- Establish RMF governance processes, control validation practices, evidence collection standards, and automation opportunities to improve repeatability and audit readiness.
- Coordinate cross‑functional stakeholders (engineering, ISSM/ISSO, CIRT, ops, acquisition) to validate controls, verify mitigations, and close authorization actions.
- Produce decision‑grade briefings, RMF metrics/dashboards, and executive summaries for program and senior leadership.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Number of Employees
5,001-10,000 employees
