
RMF, Security & ATO Manager; Remote

Remote / Online - Candidates ideally in
Stafford, Stafford County, Virginia, 22554, USA
Listing for: Oxley Enterprises, Inc.
Remote/Work from Home position
Listed on 2026-07-02
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 131725 - 171026 USD Yearly
Job Description & How to Apply Below
Position: RMF, Security & ATO Manager (Remote)

Excluded States and Districts:

The following states and districts are excluded from this job ad: AK, CA, CO, CT, DC, HI, LA, MA, MN, MO, NE, NV, NH, NJ, NM, NY, ND, OR, PR, RI, VT, WA, WY.

Future Need – Actively Interviewing

Location:

Remote in any United States jurisdiction not excluded from this job advertisement.

Job Summary

As the RMF, Security & ATO Manager, you will lead Risk Management Framework, cybersecurity, and Authority to Operate activities for complex multi‑tenant cloud environments, ensuring continuous compliance, zero ATO lapses, and a proactive security posture across a healthcare platform and all hosted tenant applications.

Position Description

The Risk Management Framework (RMF), Security & Authority to Operate (ATO) Manager serves as the lead for cybersecurity compliance, RMF implementation, and authorization activities supporting a mission‑critical VA healthcare platform.

Minimum General Experience

10 years of experience in federal cybersecurity, information assurance, RMF compliance, and ATO processes.

Minimum Education

Bachelor's Degree in cybersecurity, information assurance, computer science, or a related field.

Essential Skills and Qualifications
  • Expert ability to ensure all security and authorization activities are executed in accordance with approved cybersecurity policies, RMF processes, and Government security requirements.
  • Expert experience managing RMF and ATO processes for complex enterprise or mission‑critical systems.
  • Expert knowledge of the NIST RMF steps (e.g., Categorize, Select, Implement, Assess, Authorize, Monitor).
  • Expert experience managing federal ATO/ATC packages, continuous monitoring programs, and POA&M lifecycle management.
  • Expert understanding of VA Office of Information Technology (OI&T) security governance, directives, and VA Handbook 6500 series.
  • Excellent knowledge of Federal cybersecurity frameworks, security compliance processes, and continuous monitoring practices.
  • Excellent experience conducting and coordinating security audits.
  • Excellent ability to produce and maintain all required RMF security documentation.
  • Excellent knowledge of multi‑tenant ATO inheritance frameworks, authorization boundaries, and security control allocation between platform and tenant layers.
  • Above average experience with vulnerability scanning tools (e.g., Nessus), Static Application Security Testing (SAST) integration, and vulnerability remediation tracking.
  • Above average knowledge of healthcare and privacy control implementation in a cloud‑hosted environment.
  • Knowledge of VA Technical Reference Model (TRM) submission processes, connection management, and credential/account access audit requirements.
  • Experience using SNOWCAM.
  • Experience supporting Federal Government programs and systems operating in cloud or hybrid environments.
  • Excellent verbal and communication skills.
Physical Requirements
  • Assignment Location – Remote.
  • Sedentary work; may exert up to 10 pounds of force occasionally for lifting, carrying, pushing, pulling, or moving objects.
  • Typing, communicating, repetitive motions.
  • Close visual acuity to prepare and analyze data, view computer monitors, and read. May need to view presentation screens and other visual aids in a virtual setting.
  • Inside environmental conditions with protection from outside elements.
Security Clearance

Active Federal Civilian Public Trust clearance required. Must be a U.S. citizen or permanent resident who has lived in the United States for at least 3 years.

Federal Civilian Public Trust Details
  • Covers 10‑year period and, in some instances, lifetime events.
  • Includes OPM Security Investigations Index (SII), DOD Defense Central Investigations Index (DCII), National Agency Check (NAC), FBI name check, FBI fingerprint check, credit report check, written inquiries to previous employers, potential interviews with the subject, spouse, neighbors, supervisors, coworkers, law enforcement check, court records check, education check – attendance and degrees.
Representative Tasks and Activities
  • Maintains regular communication with the Contracting Officer's Representative (COR) and Government cybersecurity leadership regarding system authorization status, security posture,…