RMF Lead - Risk Management Support Task Lead - Secret or TS
S2i2•Scott AFB, IL
•Onsite
About The Position
Leads the risk management support team on the Senior Information Security Officer (SISO) effort, managing on-site deliverables and serving as the day-to-day technical lead for Information Systems Security Engineering (ISSE), security control assessment, and vulnerability management across the approximately 40 systems in the portfolio. Executes the DoD Risk Management Framework (RMF) per DoDI 8510.01 and NIST SP 800-37 Rev 2 across on-premises and commercial cloud environments. Reports to the Task Order Program Manager and coordinates directly with the Government functional lead.
Requirements
- Minimum 7 years leading teams in Information Systems Security Engineering (ISSE), security control assessment, and vulnerability management within the DoD
- Proven expertise applying the Risk Management Framework (RMF) to DoD systems
- Active DoD 8570.01-M / 8140 Information Assurance Management (IAM) Level III certification (e.g., CISM or CISSP)
- Demonstrated hands-on experience with eMASS, ACAS, and DISA STIGs
- Active SECRET or TS clearance
Nice To Haves
- Scott AFB, or other Combatant Command / Joint headquarters cyber experience
- Prior service as a Security Control Assessor Representative (SCAR) on behalf of an SCA/AO
- Experience managing RMF across a large multi-system portfolio (30+ systems)
- NIPRNet and SIPRNet experience; commercial cloud (Azure/AWS) authorization experience
- Familiarity with Zero Trust implementation across on-premises and cloud applications
- Bachelor's degree in cybersecurity, information systems, or a related technical field
Responsibilities
- Lead execution of the DoD Risk Management Framework (DoDI 8510.01; NIST SP 800-37 Rev 2) across on-premises and commercial cloud (Azure/AWS) environments for assigned USTRANSCOM systems
- Manage on-site deliverables and coordinate directly with the Government functional lead on priorities, schedules, and work products
- Direct ISSE lifecycle support consistent with NIST SP 800-160 Vol I and Vol II, including security architecture and control-selection input
- Oversee security control assessment and continuous monitoring, producing risk analyses and recommendations for the Security Control Assessor (SCA) and Authorizing Official (AO)
- Lead vulnerability management - ACAS scanning, DISA STIG compliance, IAVM tracking, and POA&M development and remediation
- Drive eMASS workflows (package build, control assessment, artifact review) and complete RMF triage within required timelines
- Supervise team utilization, schedules, and the quality of risk-management work products across the support team
- Brief risk posture, residual risk, and mitigation recommendations to Government stakeholders and S2i2 program leadership
Benefits
- Support to achieve professional certifications and degrees
- Leadership that is accessible to all employees
- Regular company updates
- Client networking social engagements
- Monthly team-building activities (past examples: Top Golf)
- Supporting our community - including veterans
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
Upload and Match Resume
What This Job Offers
Job Type
Full-time
Career Level
Senior
