HiringCafe
Posted 3w ago

Risk Management Framework SME

@ GovCIO
View All Jobs
Hampton, Virginia, United States
$145k/yrOnsiteFull Time
Responsibilities:Lead RMF, Manage documentation, Provide oversight
Requirements Summary:High School with 9+ years experience; TS/SCI clearance; RMF/ISSM background; XACTA; strong communication; DOD 8140 IAM Level III; NIST knowledge.
Technical Tools Mentioned:XACTA, STIGs, ACAS, HBSS/Trellix, Vulnerability management, RMF
Save
Mark Applied
Hide Job
Report & Hide
Job Description

GovCIO is currently hiring for a Risk Management Framework SME to support modernization effort. This position will be located in Hampton, VA on Joint Base Langley-Eustis and will be a fully onsite position.


Responsibilities

We are seeking a highly skilled Risk Management Framework (RMF) Subject Matter Expert (SME) with a strong information system security manager (ISSM) background and hands-on experience with XACTA. You will guide system owners, engineering, teams and leadership through the full RMF lifecycle- ensuring compliance, managing documentation, and supporting secure system operations across classified and unclassified environments. This position is located at Langley Air Force Base, Hampton, Virginia.

 

Key Responsibilities

  • Lead and manage the full DOD RMF process for assigned systems
  • Provide ISSM-level oversight and guidance to ensure compliance with DOD, NIST and agency-specific security policies
  • Develop, maintain, and validate RMF documentation including System Security Plans, Security controls traceability matrices, POA&M, and systems categorization artifacts
  • Utilize XACTA for control implementation, evidence upload, package creation, workflow, management, and assessment preparation
  • Work closely with engineers, administrators, developers, and mission stakeholders to ensure secure design and architecture decisions
  • Lead assessment preparation activities and support independent audits, CCRI reviews, and Authorizing Official (AO) evaluations
  • Conduct vulnerability analysis, risk assessment and remediation planning
  • Guide continuous monitoring activities: STIG compliance, vulnerability scanning, patch management review, and incident documentation
  • Serve as a subject matter expert for cybersecurity policy interpretation, control inheritance, and risk acceptance recommendations
  • Provide training, mentoring and support to security analysts and program team members

Qualifications

High School with 9+ years (or commensurate experience)

Required Skills and Experience

Clearance: TS/SCI 

  • Proven experience supporting or performing duties as an ISSM or ISSO
  • Hands-on experience with XACTA for RMF package development
  • Experience with STIGs, ACAS, HBSS/Trellix, vulnerability management, and secure configuration baselines
  • Strong communication skills and the ability to brief leadership and stakeholders
  • DOD 8140 IAM Level III (CISSP, CISM, CCISO)

Preferred Skills and Experience 

  • Experience supporting complex, multi-system environments or programs of record
  • Experience supporting CCRI/ Command Cyber Readiness Inspections 
  • Experience with DOD networks (NIPR, SIPR, JWICS)

#DSG #NSS #MAVERICK #TM #TMK


Posted Salary Range

USD $135,000.00 - USD $145,000.00 /Yr.