Senior Risk Management Framework; A&A Consultant
Listed on 2026-07-04
IT/Tech
Cybersecurity, Information Security
Job Family: Cyber Consulting
Travel Required: Up to 10%
Clearance Required: Ability to Obtain Public Trust
What You Will Do
The Senior RMF / A&A Consultant is a subject matter practitioner responsible for executing cybersecurity authorization and compliance activities across cloud and enterprise systems. This role leads development of RMF artifacts, coordinates authorization activities, supports audits, and provides risk and compliance advisory services to government stakeholders.
Senior Consultants operate independently on complex assignments while contributing to overall program execution and mentoring junior team members.
Key Responsibilities
- Lead development of RMF and A&A documentation including SSPs, control implementation matrices, SARs, POA&Ms, and risk acceptance materials.
- Support authorization of cloud services leveraging FedRAMP packages and agency-specific control requirements.
- Coordinate A&A activities with System Owners, ISSOs, IAMs, and third-party assessors.
- Support 3PAO readiness assessments and SAR development for cloud platforms.
- Prepare audit documentation, respond to PBC requests, and support FISMA and financial system audits.
- Track audit findings, develop POA&Ms, and support remediation efforts through closure.
- Develop recurring A&A and audit progress reports for government leadership.
- Maintain compliance repositories and ensure documentation remains current and audit-ready.
- Must be able to OBTAIN and MAINTAIN a Federal or DoD “PUBLIC TRUST”; candidates must obtain approved adjudication of their PUBLIC TRUST prior to onboarding with Guidehouse. Candidates with an ACTIVE PUBLIC TRUST or SUITABILITY who maintain an active HHS/NIH clearance are preferred.
- Demonstrated experience supporting federal RMF and A&A activities.
- Minimum of THREE (3) years of hands-on experience with NIST RMF and federal A&A processes.
- Strong working knowledge of NIST SP 800-37, 800-53, FISMA, and FedRAMP.
- Experience supporting audits, evidence collection, and POA&M management.
- Ability to translate technical security requirements into clear, compliant documentation.
- Strong organizational, communication, and stakeholder coordination skills.
- Security+, CAP, or equivalent certification.
- Experience supporting third-party assessments or SAR development.
- Familiarity with ServiceNow, GRC platforms, or audit tracking tools.
- Experience supporting cloud or financial system authorizations.
Guidehouse offers a comprehensive, total rewards package that includes competitive compensation and a flexible benefits package that reflects our commitment to creating a diverse and supportive workplace.
Benefits
- Medical, Rx, Dental & Vision Insurance
- Personal and Family Sick Time & Company Paid Holidays
- Position may be eligible for a discretionary variable incentive bonus
- Parental Leave and Adoption Assistance
- 401(k) Retirement Plan
- Basic Life & Supplemental Life
- Health Savings Account, Dental/Vision & Dependent Care Flexible Spending Accounts
- Short-Term & Long-Term Disability
- Student Loan Pay Down, Tuition Reimbursement, Personal Development & Learning Opportunities
- Skills Development & Certifications
- Employee Referral Program
- Corporate Sponsored Events & Community Outreach
- Emergency Back-Up Childcare Program
- Mobility Stipend
Guidehouse is an Equal Opportunity Employer: Protected Veterans, Individuals with Disabilities, or any other basis protected by law, ordinance, or regulation.
Guidehouse will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of applicable law or ordinance including the Fair Chance Ordinance of Los Angeles and San Francisco.