RMF, Security & ATO Manager (Remote)

Oxley EnterprisesStafford, VA
Remote

About The Position

The Risk Management Framework (RMF), Security & Authority to Operate (ATO) Manager serves as the lead for cybersecurity compliance, RMF implementation, and authorization activities supporting a mission-critical VA healthcare platform. As the RMF, Security & ATO Manager, you will lead Risk Management Framework, cybersecurity, and Authority to Operate activities for a complex multi-tenant cloud environments ensuring continuous compliance, zero ATO lapses, and a proactive security posture across a healthcare platform and all hosted tenant applications.

Requirements

  • 10 years of experience in federal cybersecurity, information assurance, RMF compliance, and ATO processes
  • Bachelor's Degree in cybersecurity, information assurance, computer science, or related field
  • Expert ability to ensure all security and authorization activities are executed in accordance with approved cybersecurity policies, RMF processes, and Government security requirements
  • Expert experience managing RMF and ATO processes for complex enterprise or mission-critical systems
  • Expert knowledge of the NIST RMF steps (e.g., Categorize, Select, Implement, Assess, Authorize, Monitor)
  • Expert experience managing federal ATO/ATC packages, continuous monitoring programs, and POA&M lifecycle management
  • Expert understanding of VA Office of Information Technology (OI&T) security governance, directives, and VA Handbook 6500 series
  • Excellent knowledge of Federal cybersecurity frameworks, security compliance processes, and continuous monitoring practices
  • Excellent experience conducting and coordinating security audits
  • Excellent ability to produce and maintain all required RMF security documentation
  • Excellent knowledge of multi-tenant ATO inheritance frameworks, authorization boundaries, and security control allocation between platform and tenant layers
  • Above average experience with vulnerability scanning tools (e.g., Nessus), Static Application Security Testing (SAST) integration, and vulnerability remediation tracking
  • Above average knowledge of healthcare and privacy control implementation in a cloud-hosted environment
  • Knowledge of VA Technical Reference Model (TRM) submission processes, connection management, and credential/account access audit requirements
  • Experience using SNOWCAM
  • Experience supporting Federal Government programs and systems operating in cloud or hybrid environments
  • Excellent verbal and communication skills
  • Active Federal Civilian Public Trust clearance
  • U.S. Citizenship or Permanent Resident that has lived in the United States for at least 3 years

Responsibilities

  • Maintains regular communication with the Contracting Officer's Representative (COR) and Government cybersecurity leadership regarding system authorization status, security posture, and risk mitigation activities
  • Manages all six steps of the NIST RMF process for the VA healthcare platform and all hosted applications
  • Ensures zero lapses in ATO status
  • Initiates, manages, and sustains all ATO/ATC packages including periodic assessment oversight, activities, and staffing of all ATO audits
  • Leads and coordinates all security audits and assessments including internal and external assessment teams
  • Attends all audit meetings, provides documentation, and reviews all findings for accuracy
  • Develops and maintains the platform authorization strategy defining ATO inheritance frameworks, tenant onboarding standards, and platform security guardrails
  • Creates and maintains all POA&Ms ensuring proper NIST security family alignment, mapping, milestone accuracy, and timely closure of findings
  • Produces and delivers monthly RMF, security, and ATO status reports
  • Conducts and maintains incident response and disaster recovery tabletop exercises annually or as mandated
  • Reports exercise results to leadership and implements all corrective actions
  • Manages credential and account audits
  • Submits and maintains internal and external connection requests
  • Manages full lifecycle connection requests (e.g., submission, approval, removal)

Benefits

  • Medical, dental, vision and prescription drug coverage for you and your family.
  • Life Insurance, short-term disability and long-term disability paid for by the Company.
  • Supplemental coverages including Accident, Critical Illness, and Hospital.
  • Additional Life insurance coverage for you and your dependents.
  • 401k plan with various options to select based on your retirement goals.
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service