Risk Management Framework (RMF), Security, and Authorization to Operate (ATO) Manager
Job in
Millersville, Anne Arundel County, Maryland, 21108, USA
Listed on 2026-06-03
Listing for:
i4DM
Full Time position
Job specializations:
- IT/Tech
Cybersecurity, Information Security
Description
About Our Team
Our employees thrive in a culture that is fast-paced, collaborative, and ego-free, where innovation and teamwork are encouraged at every level. We provide Federal agencies with immediate access to highly skilled professionals who understand complex mission challenges and deliver efficient, scalable solutions. By continuously investing in talent, technology, and specialized capabilities, we maintain expert teams prepared to support evolving Federal missions through tailored technical solutions and modern service delivery approaches.
We value diverse perspectives and strive to attract talent from all backgrounds. We are seeking professionals who are passionate about technology, mission success, and solving complex operational challenges with creativity and purpose. If you enjoy expanding your technical expertise while supporting impactful Federal initiatives, you will thrive within our organization. Veterans and military spouses are strongly encouraged to apply and bring their valuable experience to our team.
About the Role
We are seeking an experienced and highly motivated Risk Management Framework (RMF), Security, and Authorization to Operate (ATO) Manager to serve as the Contractor's lead responsible for cybersecurity compliance, RMF lifecycle execution, and authorization activities supporting a mission-critical enterprise platform within the Department of Veterans Affairs (VA) environment.
In this role, you will coordinate closely with the Program Manager, Technical Directors, and Government cybersecurity stakeholders (e.g., AO, ISSO, ISO) to ensure continuous compliance with Federal cybersecurity requirements and uninterrupted ATO status across all supported systems and services.
The RMF, Security, and ATO Manager will oversee all cybersecurity, compliance, and authorization activities across a complex cloud-hosted platform, ensuring alignment with VA security policies, NIST RMF processes, and continuous monitoring requirements. This position requires deep expertise in Federal cybersecurity frameworks, RMF lifecycle management, and secure cloud or hybrid environments supporting healthcare systems and Protected Health Information (PHI).
RESPONSIBILITIES
RMF Lifecycle & ATO Management
- Lead all Risk Management Framework (RMF) and Authorization to Operate (ATO) activities across the platform and hosted applications.
- Manage the full RMF lifecycle (Categorize, Select, Implement, Assess, Authorize, Monitor) to ensure continuous compliance and no lapse in authorization status.
- Coordinate directly with Government stakeholders (AO, ISSO, ISO) to support authorization efforts, renewals, and significant change requests.
- Oversee development and maintenance of all required security documentation, including System Security Plans (SSPs), POA&Ms, Security Assessment Reports, contingency plans, and authorization artifacts.
- Ensure all documentation remains accurate, current, and aligned with system architecture, operations, and control implementations.
- Ensure compliance with Federal and healthcare security requirements, including NIST SP 800-53, FISMA, HIPAA, and VA cybersecurity policies.
- Lead continuous monitoring (CONMON) activities, including vulnerability scanning, remediation tracking, and compliance reporting.
- Manage POA&M lifecycle, ensuring timely updates, mitigation tracking, and closure of findings.
- Identify, track, and mitigate cybersecurity risks impacting system authorization and operational readiness.
- Ensure vulnerabilities are prioritized and resolved within required timelines and escalate high-risk issues as needed.
- Coordinate with engineering, DevSecOps, and operations teams to ensure security controls are implemented and validated across cloud and application environments.
- Support integration of security practices into CI/CD pipelines, including automated testing (SAST, DAST, container scanning, IaC validation).
- Support incident response activities from a security perspective, ensuring proper documentation, root cause analysis, and corrective actions.