Risk Management Framework Manager National Harbor, MD
Job in Hagerstown, Washington County, Maryland, 21749, USA
Listed on 2026-06-13
Listing for: CACI International Inc.
Full Time position
Job specializations:
- IT/Tech
  Cybersecurity, Systems Engineer
## Risk Management Framework Manager National Harbor, MD, US
Job ID: 327492
Job Title: Risk Management Framework Manager
Job Category: Information Technology
Time Type: Full time
Minimum Clearance Required to Start: None
Employee Type: Regular
Percentage of Travel Required: None
Type of Travel: None

**The Opportunity:**
CACI is searching for a Risk Management Framework (RMF) Manager Subject Matter Expert to support the FEMA Office of the Chief Information Security Officer (OCISO) in Washington, D.C. As an RMF Subject Matter Expert, you will play a crucial role in ensuring the security and compliance of FEMA's information systems through expert guidance on security design, development, and Supply Chain Risk Management.
You will work in a dynamic environment, collaborating with IT system owners, developers, stakeholders, and cybersecurity professionals to implement robust security controls from the design phase forward. Your efforts will directly contribute to safeguarding FEMA's mission-critical systems and data through advanced automation and integration. The RMF SME will focus on security design, development, and Supply Chain Risk Management, supporting RMF implementation across FEMA systems.
This position requires deep knowledge of NIST RMF, NIST Cybersecurity Framework, and DHS 4300 Series. The RMF SME will provide input into security design and development of new and existing systems, support cloud security design and migration strategies, perform code analysis of Government-off-the-shelf (GOTS) applications, and review supply chain logistics of technology within Program Offices. This role is critical for identifying security risks early in the development lifecycle and ensuring systems are designed with security in mind.
**Responsibilities:**
The RMF SME will provide input into security design and development of new and existing systems to ensure security by design and support cloud security design, migration strategies, plans, policies, and procedures. This position requires performing static and dynamic code analysis of Government-off-the-shelf (GOTS) applications using automated tools and providing technical analysis of source code reviews and vulnerability resolution recommendations.
The RMF SME will generate residual risk reports documenting security risks that cannot be fully mitigated and review and analyze supply chain logistics of technology within Program Offices. Responsibilities include conducting risk analysis requiring collaboration with multiple internal and external partners, providing technical analysis of supply chain risk, and communicating findings to senior leadership monthly. The position involves participating in external agency meetings for classified and unclassified networks related to supply chain and using automated tools to view and report on supply chain risks.
The RMF SME will support NIST Cybersecurity Framework, NIST RMF, and DHS cybersecurity requirements implementation, advise system owners on RMF process, and assist in managing risk throughout the system lifecycle. This position requires identifying applicable NIST SP 800-37 RMF requirements for systems and applications and assessing security posture of applications and systems to determine compliance and risk levels. Critical deliverables include preparing Static Code Analysis Reports annually or within 30 days after code release, generating Risk Analysis Reports within 0 to 15 days after analysis completion, and developing POA&Ms within 0 to 15 days after issue identification.
The RMF SME will create Cybersecurity Strategy and Policy documents within 30 days after new system identification or significant modifications, develop Requirements Traceability Matrix within 10 days after system identification, and produce Weekly Activity Reports and Monthly Program Reports.
**Qualifications:**

**Required:**
- U.S. Citizenship required
- FEMA EOD suitability or Current DHS or FEMA EOD preferred
- BS/BA + 15 years of applicable experience in information security and RMF
- Minimum 7 years of experience in information security and RMF
- Deep…