Manage full lifecycle Risk Management Framework (RMF) activities in accordance with NIST Special Publication 800-37. 

Develop, review, and maintain security authorization documentation, including System Security Plans (SSPs), Security Assessment Plans (SAPs), Security Assessment Reports (SARs), and Plans of Action and Milestones (POA&Ms). 

Review and assess FedRAMP authorization packages, and package updates, to support the evaluation and use of cloud services. 

Monitor ATO packages in the FedRAMP Secure Repository 

Communicate with system owners, information systems security officers (ISSOs), Cloud Service Providers, and security stakeholders frequently to review significant system changes and ensure continued compliance with federal security requirements. 

Evaluate and validate implementation of security controls defined in NIST Special Publication 800-53 Rev. 5, including inherited and agency-implemented controls. 

Conduct risk assessments using methodologies consistent with NIST Special Publication 800-30 and provide risk analysis and recommendations to Authorizing Officials and senior stakeholders. 

Support continuous monitoring and ongoing authorization activities by reviewing vulnerability scans, tracking POA&Ms, and coordinating remediation efforts. 

Peer review cybersecurity policies, standards, procedures, and implementation guidance. 

Perform regulatory and policy analysis to ensure alignment with federal requirements and agency directives. 

Conduct gap analyses to assess compliance posture and recommend remediation strategies. 

Assist in development of control overlays, baseline updates, and security control tailoring guidance. 

Provide subject matter expertise in governance discussions. 

Support enterprise reporting activities, including risk metrics and compliance dashboards in ServiceNow. 

Provide documentation and analysis support for internal and external reviews, including FISMA reporting activities. 

Assist in preparing responses to oversight inquiries and tracking corrective actions. 

Perform quality assurance reviews of security documentation to ensure accuracy and consistency. 

Bachelor’s degree in Cybersecurity, Information Technology, Public Policy, or related discipline (or equivalent experience). 

Professional certification(s) such as CISSP, CISM, or CAP. 

Minimum of 7 years of progressive cybersecurity experience, including at least 4 years supporting federal RMF/A&A efforts. 

Demonstrated experience implementing the NIST Risk Management Framework. 

Strong knowledge of: 

Federal Risk and Authorization Management Program (FedRAMP) 

NIST Special Publication 800-53 Rev. 5 

Federal Information Security Modernization Act (FISMA) 

Federal Zero Trust Strategy (OMB M-22-09) 

Familiarity with federal cloud security requirements and FedRAMP-authorized environments. 

Experience supporting Moderate and/or High impact systems. 

Experience with Microsoft 365 office applications. 

Excellent written and verbal communication skills. 

Ability to engage effectively with technical teams and executive leadership. 

Active Public Trust clearance or ability to obtain. 

Experience with ServiceNow, CSAM and/or comparable GRC tools. 

Familiarity with Atlassian Confluence and JIRA. 

Experience contributing to enterprise-level cybersecurity policy initiatives. 

Familiarity with guidance pertaining to responsible AI usage by federal agencies (e.g., Executive Order 13960, OMB M-25-21 and M-25-22). 

Experience supporting federal research or grant-management systems. 

Federal Cybersecurity Governance 

Risk Assessment & Analysis 

Policy Development & Regulatory Interpretation 

Technical Documentation & Quality Assurance 

Stakeholder Engagement 

Analytical Problem Solving