Risk Management Support Lead

Empower AI Inc.•Quantico, VA

9d•Onsite

About The Position

Empower AI is AI for government. Empower AI gives federal agency leaders the tools to elevate the potential of their workforce with a direct path for meaningful transformation. Headquartered in Reston, Va., Empower AI leverages three decades of experience solving complex challenges in Health, Defense, and Civilian missions. Our proven Empower AI Platform® provides a practical, sustainable path for clients to achieve transformation that is true to who they are, what they do, how they work, with the resources they have. The result is a government workforce that is exponentially more creative and productive. For more information, visit www.Empower.ai. Empower AI is proud to be recognized as a 2024 Military Friendly Employer by Viqtory, the publisher of G.I. Jobs. This designation reflects the company’s commitment to hiring and supporting active-duty and veteran employees.

Requirements

Shall possess a TOP SECRET security clearance with SCI eligibility (favorably adjudicated T5 or T5R; within investigation scope or currently enrolled in Continuous Evaluation/Continuous Vetting).
Active CISSP (Certified Information Systems Security Professional) or CAP (Certified Authorization Professional) certification.
Active PMP (Project Management Professional) certification.
DoD 8570/8140 IAM Level III certification.
Expert-level knowledge of NIST SP 800-37 (RMF), NIST SP 800-53 (Security Controls), and DoDI 8510.01.
Demonstrated experience with eMASS for RMF process management and documentation.
Experience with STIGs, SCAP tools, ACAS/Nessus, and vulnerability lifecycle management.
Experience with enterprise technologies including VMware, Linux (RHEL), Windows Server, Active Directory, and enterprise storage.
Strong customer service orientation and experience serving as the primary liaison with Government Authorizing Officials.
Excellent written, oral, and interpersonal communication skills.

Nice To Haves

Experience supporting a DoD or IC customer is a plus.

Responsibilities

Lead end-to-end RMF process for multiple information systems, from system categorization (Step 1) through continuous monitoring (Step 6).
Manage RMF artifacts including System Security Plans (SSP), Security Assessment Reports (SAR), and Plans of Action and Milestones (POA&M).
Operate the Enterprise Mission Assurance Support Service (eMASS) platform to manage and document RMF processes.
Apply NIST SP 800-37 (RMF), NIST SP 800-53 (Security Controls), and DoDI 8510.01 (RMF for DoD IT) across all assigned systems.
Apply DoD Security Technical Implementation Guides (STIGs) and use Security Content Automation Protocol (SCAP) tools to assess and document compliance.
Manage vulnerability lifecycle using ACAS/Nessus, interpret scan results, and manage remediation through POA&Ms.
Work with technical teams to select, implement, and document NIST SP 800-53 security controls; provide guidance on control implementation and evidence collection.
Prepare systems for security control assessments, act as primary liaison with security assessors, and compile final authorization packages for AO submission.
Serve as the subject matter expert for DoD cybersecurity policy interpretation including STIGs; provide guidance to technical teams on achieving and maintaining compliance.
Maintain DoD 8570/8140 IAM Level III certification currency.