Subject Matter Expert - RMF & ATO Lead

Blake Willson Group, Washington, DC
Posted: 1d. Salary: $160,000 - $190,000. Onsite.

About The Position

In this position as a Senior RMF & ATO Lead, you will provide leadership and oversight for the execution of the NIST Risk Management Framework (RMF) and Authority to Operate (ATO) processes across federal information systems. You will guide system teams through all RMF lifecycle phases while ensuring compliance with DOJ security policies, NIST standards, and federal cybersecurity requirements. The specific duties of the role are listed under Responsibilities below.

Requirements

  • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, Information Security, Computer Engineering, Business, or a related field.
  • 10 years of total experience in IT Project Management in both Waterfall and Agile environments.
  • 5 years of experience performing system security assessments, preparing system security documentation, and/or executing security upgrades for live networks, servers, desktop systems, and enterprise databases leading to successful certification, accreditation, or ATO.
  • 5 years of IT security experience with extensive knowledge of federal security regulations and assessment methodologies, including development of A&A and ATO packages for a wide range of systems, including classified systems.
  • Active possession of two (2) of the following certifications: CISA, CRISC, CISM, CGEIT, CISSP, or CAP.
  • Must have an active Top Secret Security Clearance.

Nice To Haves

  • Experience assessing and enhancing IT security policies and procedures in response to federal and international regulatory requirements.
  • Strong working knowledge of NIST Special Publications, including NIST SP 800-53 for security control selection and NIST SP 800-37, with experience using JCAM preferred.
  • Experience supporting DOJ, BOP, or other federal law enforcement or justice-related environments.
  • Experience leading Rapid ATO efforts for cloud-based systems.
  • Strong written and verbal communication skills with the ability to brief technical and non-technical stakeholders.

Responsibilities

  • Lead execution of the NIST RMF lifecycle in accordance with NIST SP 800-37, including Prepare, Categorize, Select, Implement, Assess, Authorize, and Monitor phases.
  • Oversee the development, quality review, and approval readiness of authorization package artifacts, including System Security Plans (SSPs), Security Assessment Reports (SARs), Plans of Action and Milestones (POA&Ms), and risk assessment documentation.
  • Guide system owners and technical teams through Rapid ATO timelines while maintaining full compliance with DOJ policies and NIST SP 800-53 control requirements.
  • Lead security control selection, tailoring, and allocation based on system categorization, architecture, and operational environment.
  • Validate security control implementations and ensure documentation is supported by verifiable technical evidence across cloud and on-premise environments.
  • Direct the development of Security Assessment Plans (SAPs) and review assessment results to support authorization decisions.
  • Lead risk analysis, determination, and response activities, including advising leadership on risk acceptance, mitigation, or remediation strategies.
  • Oversee POA&M development and ensure remediation activities are tracked to closure in accordance with federal timelines.
  • Provide oversight of Continuous Monitoring (ConMon) strategies, ensuring ongoing authorization requirements are met and accurately reported.
  • Ensure authorization packages are updated to reflect system changes, assessment results, and evolving risk conditions.
  • Ensure all RMF and supporting documentation is complete, accurate, and entered into JCAM.
  • Lead development and review of supporting cybersecurity artifacts, including Incident Response Plans, Contingency Plans, Configuration Management Plans, Interconnection Security Agreements (ISAs), Memorandums of Understanding (MOUs), and privacy documentation (IPA/PIA), as applicable.
  • Serve as the primary cybersecurity liaison to system owners, ISSOs, engineers, assessors, and Authorizing Official (AO) representatives.
  • Provide technical leadership, mentorship, and guidance to ATO analysts, security engineers, and architects.
  • Support issue resolution efforts and facilitate risk-based decision making with senior leadership and stakeholders.

Benefits

  • medical, dental, and vision coverage
  • a 401(k) contribution plan
  • holiday and personal time off
  • professional development training & certification benefits
  • health & wellness subsidies
  • paid time off for community service
© 2024 Teal Labs, Inc