Job Description

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field (or equivalent experience).
• Experience in cybersecurity compliance, RMF, risk management, or related environments.
• Demonstrated experience supporting enterprise-level cybersecurity or compliance programs.
• Experience working in complex IT environments with federal or regulated systems.
• Strong knowledge of NIST RMF (SP 800-37) and NIST SP 800-53 controls.
• Experience with A&A, ATO processes, and continuous monitoring.
• Familiarity with GRC tools (e.g., Archer, Xacta, CSAM).
• Experience with vulnerability management and risk prioritization.
• Strong documentation and technical writing skills.
• Analytical and problem-solving capabilities.
• Ability to communicate effectively with technical and non-technical stakeholders
• Required Certifications
  • Role-appropriate cybersecurity certification demonstrating competency in compliance, RMF, or risk management.
  • Examples include: Security+, CISA, CISSP (or equivalent certifications aligned with role responsibilities).
     

• Support RMF lifecycle activities including system authorization, reauthorization, and continuous monitoring.
• Develop, maintain, and update security documentation (SSPs, SARs, POA&Ms, contingency plans).
• Perform security control assessments (SCA) and control validation activities.
• Track and manage POA&Ms, vulnerabilities, and remediation activities.
• Conduct risk assessments, gap analyses, and compliance reviews.
• Support FISMA, NIST SP 800-53, and other federal compliance requirements.
• Coordinate with system owners, ISSOs, engineers, and auditors.
• Support audit readiness and respond to internal/external audit requests.
• Maintain RMF artifacts in GRC tools (e.g., Xacta, Archer, ServiceNow).
• Assist with continuous monitoring, reporting, and compliance metrics development.