"Alerted.org

The Cybersecurity RMF Manager is responsible for providing comprehensive cybersecurity authorization and accreditation services in support of the Risk Management Framework (RMF) process for USACE systems, networks, and applications. This role involves collaborating with system owners, cybersecurity teams, and technical teams to advance through all six steps of the RMF process, developing security plans, generating assessment reports, formulating remediation plans, and ensuring compliance with DoD, Army, and USACE policies and procedures.

Key Responsibilities

+ Lead organizations through all six steps of the DoD Risk Management Framework (RMF) process

+ Categorize information systems based on FIPS 199 and NIST SP 800-53 standards

+ Develop comprehensive security plans and control selection documentation

+ Coordinate security control implementation and system-specific security testing

+ Generate assessment reports and security control assessment documentation

+ Develop remediation plans and implement corrective actions for identified vulnerabilities

+ Manage Security Authorization Agreements (SAA) and Authority to Operate (ATO) processes

+ Maintain RMF documentation in approved repositories such as eMASS (Enterprise Mission Assurance Support Service)

+ Monitor security states and ensure continuous compliance with security controls

+ Serve as subject matter expert on RMF processes, DISA requirements, and security authorization best practices

+ Prepare security authorization briefings and compliance reports for government stakeholders

Required Qualifications

+ Bachelor's degree in Cybersecurity, Information Technology, or related field (or equivalent work experience)

+ 8+ years of experience in cybersecurity roles with strong background in Risk Management Framework (RMF) process

+ Expert-level knowledge of DoD, Army, and USACE cybersecurity policies and procedures

+ Demonstrated proficiency in developing security plans and generating assessment reports

+ Extensive experience with categorizing information systems and selecting/implementing security controls

+ Proficiency in producing DISA-required artifacts and documenting RMF data in approved repositories (eMASS)

+ Strong analytical, problem-solving, and communication skills

Preferred Qualifications

+ CISSP (Certified Information Systems Security Professional) or CISM (Certified Information Security Manager) certification

+ Certified Authorization Professional (CAP) certification from (ISC)²

+ Familiarity with DoD and/or USACE IT environment and RMF implementation practices

+ Experience with eMASS platform for RMF documentation and artifact management

+ Knowledge of NIST SP 800-53 security controls and continuous monitoring frameworks

+ Background in federal IT security authorization and compliance

+ Experience with system categorization (FIPS 199, NIST SP 800-30 risk assessment)

Required Skills

+ Risk Management Framework (RMF) Process Management

+ NIST Security Controls & Implementation

+ Security Authorization & ATO Management

+ Security Plan Development & Documentation

+ DISA Compliance & Artifact Development

Preferred Skills

+ eMASS Platform Administration

+ DoD & USACE Security Policies

+ Continuous Monitoring & Security State Management

+ Risk Assessment & Threat Analysis

+ Federal Authorization Frameworks

Compensation Ranges

Compensation ranges for ASM Research positions vary depending on multiple factors; including but not limited to, location, skill set, level of education, certifications, client requirements, contract-specific affordability, government clearance and investigation level, and years of experience. The compensation displayed for this role is a general guideline based on these factors and is unique to each role. Monetary compensation is one component of ASM's overall compensation and benefits package for employees.

EEO Requirements

It is the policy of ASM that an individual's race, color, religion, sex, disability, age, sexual orientation or national origin are not and will not be considered in any personnel or management decisions. We affirm our commitment to these fundamental policies.

All recruiting, hiring, training, and promoting for all job classifications is done without regard to race, color, religion, sex, disability, or age. All decisions on employment are made to abide by the principle of equal employment.

Physical Requirements

The physical requirements described in "Knowledge, Skills and Abilities" above are representative of those which must be met by an employee to successfully perform the primary functions of this job. (For example, "light office duties' or "lifting up to 50 pounds" or "some travel" required.) Reasonable accommodations may be made to enable individuals with qualifying disabilities, who are otherwise qualified, to perform the primary functions.

Disclaimer

The preceding job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to this job.

$122,900 - 154,500

EEO Requirements

It is the policy of ASM that an individual's race, color, religion, sex, disability, age, gender identity, veteran status, sexual orientation or national origin are not and will not be considered in any personnel or management decisions. We affirm our commitment to these fundamental policies.

All recruiting, hiring, training, and promoting for all job classifications is done without regard to race, color, religion, sex, veteran status, disability, gender identity, or age. All decisions on employment are made to abide by the principle of equal employment.