Qualifications:
- Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field (or equivalent experience).
- Experience in cybersecurity compliance, RMF, risk management, or related environments.
- Demonstrated experience supporting enterprise-level cybersecurity or compliance programs.
- Experience working in complex IT environments with federal or regulated systems.
- Strong knowledge of NIST RMF (SP 800-37) and NIST SP 800-53 controls.
- Experience with A&A, ATO processes, and continuous monitoring.
- Familiarity with GRC tools (e.g., Archer, Xacta, CSAM).
- Experience with vulnerability management and risk prioritization.
- Strong documentation and technical writing skills.
- Analytical and problem-solving capabilities.
- Ability to communicate effectively with technical and non-technical stakeholders
- Required Certifications
- Role-appropriate cybersecurity certification demonstrating competency in compliance, RMF, or risk management.
- Examples include: Security+, CISA, CISSP (or equivalent certifications aligned with role responsibilities).
- Support RMF lifecycle activities including system authorization, reauthorization, and continuous monitoring.
- Develop, maintain, and update security documentation (SSPs, SARs, POA&Ms, contingency plans).
- Perform security control assessments (SCA) and control validation activities.
- Track and manage POA&Ms, vulnerabilities, and remediation activities.
- Conduct risk assessments, gap analyses, and compliance reviews.
- Support FISMA, NIST SP 800-53, and other federal compliance requirements.
- Coordinate with system owners, ISSOs, engineers, and auditors.
- Support audit readiness and respond to internal/external audit requests.
- Maintain RMF artifacts in GRC tools (e.g., Xacta, Archer, ServiceNow).
- Assist with continuous monitoring, reporting, and compliance metrics development.