C4PS - 2517 Risk Management Framework (RMF) Specialist - MARCH 2024

Location

Fort Belvoir, VA | United States

Job description

Position Title: Risk Management Framework (RMF) Specialist

Location: Fort Belvoir, VA

Position Type: Full-time

Salary Range: $100,000 - $109,000

Travel: Up to 10%

Security Clearance Requirement: Position requires active security clearance

Certification Requirements:

• IAM Level III certification, or equivalent cybersecurity certifications

Years of Experience: 3 - 5 years

Roles and Responsibilities:

The RMF Specialist develops RMF implementation plans, conducts risk assessments, and ensures compliance with cybersecurity policies. Expertise in RMF 2.0, FISMA, NIST publications, and security tools like eMASS and APMS required. Strong analytical skills and ability to collaborate with stakeholders.

• Develop and deliver implementation plans, risk assessments, research, and analysis in support of RMF and continuous monitoring based on Government regulations, plans, and direction.
• Provide monthly status reports and track the execution of Army RMF, including compliance with authorizations, system assessments, and Plan of Actions & Milestones (POA&M) expirations and executions.
• Collaborate with automated RMF tools such as eMASS and APMS, following the Federal Information Security Management Act (FISMA), DoD Directive 8500.01, NIST Special Publication 800-53, and CNSSI1253 guidelines.
• Ensure compliance with DoD Cybersecurity (CS) policy requirements outlined in DoDI 8500.01, DoDI8510.01, and their successors.
• Integrate with Security Requirements Guide (SRG) and Security Technical Implementation Guides(STIG) development teams to include emerging technologies in the STIG roadmap process.
• Conduct onsite visits and surveys to address security compliance and technical analysis, producing comprehensive reports and recommendations for improvements and enhancements.
• Identify risk areas through implementation shortfalls and develop plans to recommend policy updates, addressing widespread issues and exceptions to policy.
• Participate in working groups, forums, and direct interactions to gather information for research and analysis in support of RMF and continuous monitoring.
• Standardize forms and integrate with continuous Authorization to Operate (cATO) and RMF emerging technology efforts to reduce the burden on mission owners while maintaining security.
• Provide guidance on addressing risks from a mission and business process perspective, ensuring Army CS initiatives align with applicable laws and regulations.
• Support the integration of Operational Technology (OT) into the Army's IT and Network Operations CS capability by tracking emerging tech and working with mission owners.
• Conduct outreach and education on data value and categorization, integrating with various Army data owners to achieve unified end-to-end multi-element asset capabilities.
• Support the Commercial Temporary Exception to Policy (C-TEP) program, creating standardized templates and workflow automation.
• Track tasks and requirements aligned with the Army Data Strategy and Army Directives, representing Army security needs in future strategy and directives.

Education:

• Bachelor's degree in a relevant field or equivalent experience
• IAM Level III certification or equivalent cybersecurity certifications

Required Skills:

• Proven experience in RMF policy creation, risk assessments, and cybersecurity compliance.
• In-depth knowledge of RMF 2.0, FISMA, NIST publications, and DoD cybersecurity policies.
• Excellent communication and collaboration abilities to work with various stakeholders.
• Ability to conduct onsite visits and technical analysis.
• Understanding of emerging technologies and their impact on cybersecurity.

Requirements

• T RAVEL REQUIRED FOR POSITION UP TO 10% - Must be able to obtain or possess a valid US Passport and be physically qualified to support military exercises and contingency operations.
• Proven experience in RMF policy creation, risk assessments, and cybersecurity compliance.
• In-depth knowledge of RMF 2.0, FISMA, NIST publications, and DoD cybersecurity policies.
• Strong active listening, data entry, and documentation skills.
• Willing to work in a 24x7x365 secured environment, demonstrate intuitive problem-solving skills, and allow for flexible scheduling.

Certification Requirements:

• IAM Level III certification or equivalent cybersecurity certifications

Benefits

• Paid Vacation, Sick Time and Holidays
• Medical, Dental, Life and Disability Insurance
• 401K with Employer Contribution Matching
• Service Disabled Veteran Owned Business
• Equal Opportunity Employer
• ISO 9001:2015 Certified Company

Job tags

Salary