RMF / A&A Lead (NIH/HHS Experience)
Role details
Job location
Tech stack
Job description
- Responsible for leading the largest task team on the Federal program across ~165 FISMA systems.
- Will directs a 7 FTE RMF team plus ISSO support
- Responsible for the full authorization package production (SSP, BIA, PTA/PIA, CP/IRP), annual CP/IRP testing, POA&M and waiver management, C-SCRM, with independent QA of every package before AO submission.
- Prior leadership of automation-assisted A&A at portfolio scale is essential.
- Lead the development and maintenance of comprehensive system security plans aligned with NIST standards and federal regulatory frameworks such as FISMA, FedRAMP, and DIACAP.
- Conduct thorough security risk assessments and investigations to identify vulnerabilities within IT infrastructure, including network security, system hardening, and vulnerability management.
- Oversee the implementation of security controls based on NIST SP 800-53, ISO 27000 series, ISO 27002 standards, and other applicable frameworks to ensure compliance across all systems.
- Manage the accreditation process for government systems by coordinating with stakeholders to prepare documentation, perform security assessments, and obtain necessary authorizations.
- Support incident response activities by investigating security incidents, conducting threat detection & response analyses, and facilitating incident recovery efforts.
- Maintain awareness of evolving cybersecurity threats and regulatory requirements to proactively enhance security posture through governance, risk management (GRC) software solutions, and continuous monitoring.
Requirements
We are seeking a highly motivated and experienced RMF / A&A Lead with extensive NIH (National Institutes of Health) and HHS (Health and Human Services) experience to join our dynamic cybersecurity team. In this pivotal role, you will lead the Risk Management Framework (RMF) and Authorization & Accreditation (A&A) processes, ensuring our IT systems meet rigorous government security standards. Your expertise will drive the development, implementation, and continuous improvement of security policies, system security plans, and compliance programs.
Education / Experience: Bachelor's Degree + 8+ years RMF/A&A and ISSO experience across large federal portfolios (50+ systems strongly preferred)
Required Certifications: CISSP or CAP
Preferred: eMASS/CSAM/JCAM or equivalent; NIST SP 800-37/53/53A mastery; POA&M program management; C-SCRM/SBOM (EO 14028); FedRAMP reviews; OIG/GAO audit support; experience directing automated A&A artifact production, * 8+ years RMF/A&A and ISSO experience across large federal portfolios (50+ systems strongly preferred)
- Prior leadership of automation-assisted A&A at portfolio scale is necessary in this role.
- Deep understanding of system security plans, NIST standards (including SP 800-53), ISO 27000 series, FIPS compliance requirements.
- Extensive experience with computer networking concepts such as LAN/WAN architecture, routing protocols (OSPF/EIGRP/BGP), network protocols (TCP/IP/SSL), load balancing, DNS/DHCP services.
- Proficiency in managing network security devices including Cisco routers/switches, Cisco ASA firewalls, Palo Alto firewalls; familiarity with Cisco ISE for identity management.
- Strong knowledge of cloud computing platforms like AWS and Azure; experience with cloud infrastructure security best practices including FedRAMP compliance.
- Expertise in IT risk management frameworks such as COBIT or DIACAP; ability to perform vulnerability assessments using tools like Nessus or open-source equivalents.
- Skilled in implementing identity & access management solutions such as LDAP/Active Directory/RBAC; experience with encryption technologies including PKI and FIPS standards.
- Ability to develop and enforce security policies related to system hardening, incident management, disaster recovery planning, high availability configurations, and threat intelligence analysis.
Benefits & conditions
Pulled from the full job description Referral program Professional development assistance Tuition reimbursement 401(k) Health insurance Retirement plan 401(k) matching, * 401(k)
- 401(k) matching
- Dental insurance
- Employee assistance program
- Employee discount
- Flexible spending account
- Health insurance
- Life insurance
- Paid time off
- Professional development assistance
- Referral program
- Retirement plan
- Tuition reimbursement
- Vision insurance
License/Certification:
- active CISSP or CAP certification? (Required)