RMF / A&A Lead (NIH/HHS Experience)

Greenbrier Government Solutions Inc.
Washington, United States of America
2 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior
Compensation
$ 185K

Job location

Washington, United States of America

Tech stack

Microsoft Active Directory
Amazon Web Services (AWS)
Azure
Border Gateway Protocol
Cisco PIX
Cisco Routers
Cloud Computing Security
Control Objectives for Information and Related Technology (COBIT)
Dynamic Host Configuration Protocol
Disaster Recovery
DNS
Enhanced Interior Gateway Routing Protocol
Federal Information Processing Standards (FIPS)
Identity and Access Management
Network Security
Lightweight Directory Access Protocols (LDAP)
Networking Basics
Routing
Network Protocols
Open Shortest Path First
Open Source Technology
Public Key Infrastructure
Role-Based Access Control
Software Systems
TCP/IP
Software Vulnerability Management
Transport Layer Security
Identity Services Engine
Load Balancing
Cloud Platform System
System Availability
Firewalls (Computer Science)
Information Technology
Nessus
ISO/IEC 27002
Plan of Action and Milestones
Vulnerability Analysis

Job description

  • Responsible for leading the largest task team on the Federal program across ~165 FISMA systems.
  • Will directs a 7 FTE RMF team plus ISSO support
  • Responsible for the full authorization package production (SSP, BIA, PTA/PIA, CP/IRP), annual CP/IRP testing, POA&M and waiver management, C-SCRM, with independent QA of every package before AO submission.
  • Prior leadership of automation-assisted A&A at portfolio scale is essential.
  • Lead the development and maintenance of comprehensive system security plans aligned with NIST standards and federal regulatory frameworks such as FISMA, FedRAMP, and DIACAP.
  • Conduct thorough security risk assessments and investigations to identify vulnerabilities within IT infrastructure, including network security, system hardening, and vulnerability management.
  • Oversee the implementation of security controls based on NIST SP 800-53, ISO 27000 series, ISO 27002 standards, and other applicable frameworks to ensure compliance across all systems.
  • Manage the accreditation process for government systems by coordinating with stakeholders to prepare documentation, perform security assessments, and obtain necessary authorizations.
  • Support incident response activities by investigating security incidents, conducting threat detection & response analyses, and facilitating incident recovery efforts.
  • Maintain awareness of evolving cybersecurity threats and regulatory requirements to proactively enhance security posture through governance, risk management (GRC) software solutions, and continuous monitoring.

Requirements

We are seeking a highly motivated and experienced RMF / A&A Lead with extensive NIH (National Institutes of Health) and HHS (Health and Human Services) experience to join our dynamic cybersecurity team. In this pivotal role, you will lead the Risk Management Framework (RMF) and Authorization & Accreditation (A&A) processes, ensuring our IT systems meet rigorous government security standards. Your expertise will drive the development, implementation, and continuous improvement of security policies, system security plans, and compliance programs.

Education / Experience: Bachelor's Degree + 8+ years RMF/A&A and ISSO experience across large federal portfolios (50+ systems strongly preferred)

Required Certifications: CISSP or CAP

Preferred: eMASS/CSAM/JCAM or equivalent; NIST SP 800-37/53/53A mastery; POA&M program management; C-SCRM/SBOM (EO 14028); FedRAMP reviews; OIG/GAO audit support; experience directing automated A&A artifact production, * 8+ years RMF/A&A and ISSO experience across large federal portfolios (50+ systems strongly preferred)

  • Prior leadership of automation-assisted A&A at portfolio scale is necessary in this role.
  • Deep understanding of system security plans, NIST standards (including SP 800-53), ISO 27000 series, FIPS compliance requirements.
  • Extensive experience with computer networking concepts such as LAN/WAN architecture, routing protocols (OSPF/EIGRP/BGP), network protocols (TCP/IP/SSL), load balancing, DNS/DHCP services.
  • Proficiency in managing network security devices including Cisco routers/switches, Cisco ASA firewalls, Palo Alto firewalls; familiarity with Cisco ISE for identity management.
  • Strong knowledge of cloud computing platforms like AWS and Azure; experience with cloud infrastructure security best practices including FedRAMP compliance.
  • Expertise in IT risk management frameworks such as COBIT or DIACAP; ability to perform vulnerability assessments using tools like Nessus or open-source equivalents.
  • Skilled in implementing identity & access management solutions such as LDAP/Active Directory/RBAC; experience with encryption technologies including PKI and FIPS standards.
  • Ability to develop and enforce security policies related to system hardening, incident management, disaster recovery planning, high availability configurations, and threat intelligence analysis.

Benefits & conditions

Pulled from the full job description Referral program Professional development assistance Tuition reimbursement 401(k) Health insurance Retirement plan 401(k) matching, * 401(k)

  • 401(k) matching
  • Dental insurance
  • Employee assistance program
  • Employee discount
  • Flexible spending account
  • Health insurance
  • Life insurance
  • Paid time off
  • Professional development assistance
  • Referral program
  • Retirement plan
  • Tuition reimbursement
  • Vision insurance

License/Certification:

  • active CISSP or CAP certification? (Required)

Apply for this position