Risk Management Framework (RMF) SME
Job ID: 23653
Date posted: 10/31/2024
Job Family:
IT Cyber Security
Travel Required:
Clearance Required:
What You Will Do:
Guidehouse is seeking a Risk Management Framework (RMF) SME who will be responsible for providing project and process support to client system owners and system security officers during all phases of the RMF process. Responsibilities include the following:
- Developing and maintaining RMF project plans and status updates.
- Reviewing NIST SP 800-37 RMF ATO packages, policy, and procedure documents and related artifacts in accordance with applicable standards and regulations.
- Reviewing security documentation and working with system technical teams to support the creation and maintenance of technical documentation.
- Advising client stakeholders on the adherence of security and privacy control implementations to NIST SP 800-53 and Intelligence Community requirements.
- Performing walkthrough interviews and maintaining communication with a variety of client stakeholders, including system technical personnel such as network engineers, developers, and system administrators.
- Requesting, obtaining, and reviewing compliance artifacts to assist in executing security and privacy controls testing such as security plans, SOPs, system screenshots, and system configuration settings.
- Aiding in the evaluation of security and privacy controls using provided artifacts, industry-standard guidance, leading practices, and professional judgement.
- Summarizing and communicating security and privacy control assessment results to a variety of client stakeholders, including senior leadership.
- Facilitating third-party security assessment activities.
- Working with client personnel to understand and analyze known security control weaknesses, identify root causes, and develop remediation plans.
- Providing subject matter expertise to client personnel on all matters relating to IT controls and responding to ad-hoc IT controls requests from client personnel.
- Facilitating resolution of POA&M items.
- Serving as liaison between client management and associated stakeholders for all authorization and information security related issues.
What You Will Need:
- An ACTIVE and MAINTAINED TOP SECRET Federal or DoD security clearance
- Bachelor’s degree
- FIVE (5) or more years of work experience related to Risk Management Framework (RMF), IT Security, Information Security, Information Assurance, Information Technology, and/or Cybersecurity
What Would Be Nice To Have:
- Experience as Information System Security Officer preferred.
- Experience supporting customers in a client-facing environment.
- Experience in executing all phases of the RMF process to achieve and maintain ATO certification.
- Demonstrated experience facilitating meetings, interfacing with stakeholders, and creating, analyzing, and/or updating system security documentation to support ATO requirements.
- Excellent written and verbal communication skills.
- Demonstrated ability to use effective facilitation and presentation skills and techniques.
- Ability to work onsite at client site in Washington DC a minimum of three days a week.
- Experience with cybersecurity technologies and/or Information Assurance in the federal space.
- Experience creating and updating Authorization to Operate package artifacts such as Privacy Plans, Contingency Plans (CP), Contingency Plan Tests (CPT), and System Security Plans (SSP).
- Experience with Intelligence Community and National Security System cybersecurity requirements.
- Understanding of Zero Trust.
- Understanding of security considerations associated with emerging technology such as Artificial Intelligence (AI).
- Working knowledge of client Governance Risk & Compliance (GRC) tools such as XACTA or Archangel.
- Understanding and knowledge of federal information security and assurance laws, requirements, and guidance (i.e. FISMA, EO 14028).
- Demonstrated ability to multi-task and adapt to changing environments.
- Demonstrated ability to offer solutions and convey business impacts to clients in a clear and concise manner.
- Demonstrated ability to work collaboratively with others in a team environment.
- Proficiency in Microsoft Excel, Word, and PowerPoint.
What We Offer:
Guidehouse offers a comprehensive, total rewards package that includes competitive compensation and a flexible benefits package that reflects our commitment to creating a diverse and supportive workplace.
Benefits include:
- Medical, Rx, Dental & Vision Insurance
- Personal and Family Sick Time & Company Paid Holidays
- Position may be eligible for a discretionary variable incentive bonus
- Parental Leave and Adoption Assistance
- 401(k) Retirement Plan
- Basic Life & Supplemental Life
- Health Savings Account, Dental/Vision & Dependent Care Flexible Spending Accounts
- Short-Term & Long-Term Disability
- Student Loan PayDown
- Tuition Reimbursement, Personal Development & Learning Opportunities
- Skills Development & Certifications
- Employee Referral Program
- Corporate Sponsored Events & Community Outreach
- Emergency Back-Up Childcare Program
- Mobility Stipend
About Guidehouse
Guidehouse is an Equal Employment Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, national origin, ancestry, citizenship status, military status, protected veteran status, religion, creed, physical or mental disability, medical condition, marital status, sex, sexual orientation, gender, gender identity or expression, age, genetic information, or any other basis protected by law, ordinance, or regulation.
Guidehouse will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of applicable law or ordinance including the Fair Chance Ordinance of Los Angeles and San Francisco.
If you have visited our website for information about employment opportunities, or to apply for a position, and you require an accommodation, please contact Guidehouse Recruiting at 1-571-633-1711 or via email at RecruitingAccommodation@guidehouse.com. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodation.
Guidehouse does not accept unsolicited resumes through or from search firms or staffing agencies. All unsolicited resumes will be considered the property of Guidehouse and Guidehouse will not be obligated to pay a placement fee.