Risk Management Framework Validator

KINAOLE SERVICE CENTERWahiawa, HI
$125,000 - $140,000Onsite

About The Position

Ho'olaulima Government Solutions LLC (HGS) is seeking a Risk Management Framework Validator. HGS is a Small Business Administration-certified, Native Hawaiian Organization-Owned, 8(a) Small Business providing services in Cybersecurity, IT, Professional and Technical, Environmental, and Healthcare to the Department of Defense and other Federal agencies. HGS is a subsidiary of the Kina'ole Foundation, a non-profit benefiting Native Hawaiian communities. This role operates under the supervision of the Operations Manager.

Requirements

  • TOP SECRET/SCI eligible clearance
  • Counter Intelligence Security Polygraph (CSP)
  • Valid TOP SECRET/SCI clearance and required polygraph must be maintained.
  • Security clearance based on a current, Office of Personnel Management (OPM) conducted background investigation with no break in service greater than two years, commensurate to the level of eligibility and access required for the position.

Nice To Haves

  • Navy Qualified Validator (NQV) certification (required within six months of hire)

Responsibilities

  • Provide recommendation, support and advice in the implementation, management, maintenance and growth of the commands A&A program.
  • Provide subject matter expertise in support of the Risk Management Framework (RMF) Assessment and Authorization (A&A) process.
  • Provide NCTAMS PAC and four subordinate commands RMF support to ensure the Naval Authorization Official's (NAO) requirements have been met for all NCTAMS PAC and subordinate commands owned systems.
  • Perform security control assessments on RMF packages before submission to Echelon II, Security Control Assessor (SCA), Security Control Assessor Liaison (SCAL), and the NAO.
  • Perform risk assessments on NCTAMS PAC and subordinate commands owned circuits, systems, or other information systems that process, store, transmit and/or display DoD/DON information based on findings from Security Control Assessment. Provide articulated findings in the required reportable format as defined by NAO, which include but are not limited to DISA manual STIGs, DISA automated SCAPs, and Tenable's ACAS security tools.
  • Organize and update weekly Authority to Operate (ATO) status tracker for all security packages within the NCTAMS PAC AOR. Provide weekly tracker status to the command A&A manager.
  • Utilizing Risk Assessment Report, Security Implementation Guide (STIG) Checklists, Assured Compliance Assessment Solution (ACAS) and other tools provided by the Government, analyzes the results of general cybersecurity- related technical problems relating to risk, threats, vulnerabilities, mitigation, or remediation analysis of information systems and applications throughout the systems development life cycle (from inception to decommission). Provide analysis, updates, and reports via eMASS in support of the command Assessment & Authorization (A&A) Manager.
  • Assist Government personnel in the affected areas in the completion of RMF documentation and procedures required to obtain an accreditation (e.g. Authority to Operate (ATO), Authority to Operate with Conditions (ATO w/ Cond), Authority to Connect (ATC), Authority to Connect with Conditions (ATC w/ Cond), etc.) for NCTAMS PAC and subordinate command owned sites and systems.
  • Within six months of hire, achieve Navy Qualified Validator (NQV) certification in order to conduct security control assessments of RMF packages.
  • Assist Government personnel in the affected areas with the implementation, evaluation, and direction in the development of RMF required artifacts to include, but not limited to, Security Plans, Security Assessment Plans, Continuous Monitoring Strategy, Test Plans, Risk Assessment Reports (RAR), and Plan of Action and Milestones (POA&M) for NCTAMS PAC and AOR security packages.
  • Assist the A&A manager with processing Boundary Change Requests (BCR) for the IT- 21 PRNOC Enterprise by verifying the relevant A&A information for the target systems are valid prior to processing. These actions include confirming that a valid ATO exists for the target system as well as ensuring the associated ports, protocols and services for the proposed source/destination IPs are both DISA Category Assurance List (CAL) compliant and properly registered for boundaries 07 and 08 within the system's Ports, Protocols, and Services Management (PPSM) record. All Urgent BCRs must be processed within 3 business days whereas routine BCRs are to be processed within 5 business days, per NAO's requirements.
  • Other duties as assigned by Supervisor.

Benefits

  • Health insurance
  • Dental insurance
  • Life insurance
  • Professional training reimbursement
  • 401K
  • Disability insurance
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service