Risk Management Framework; RMF Analyst

Contract Support Specialist/Recruiter at FedITC LLC

4 days ago Be among the first 25 applicants

This range is provided by FEDITC. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.

$95,000.00/yr - $/yr

Direct message the job poster from FEDITC

FEDITC is seeking a Risk Management Framework (RMF) Analyst to support cybersecurity compliance and accreditation efforts for federal systems. The ideal candidate will have hands‑on experience with the RMF lifecycle, excellent documentation skills, and the ability to collaborate effectively with cross‑functional teams to achieve and maintain system Authorization to Operate (ATO). A United States Citizenship and active Secret DoD Security Clearance is required to be considered for this position.

• Support execution of the full RMF lifecycle (Categorization, Selection, Implementation, Assessment, Authorization, and Monitoring) for assigned systems.
• Develop, review, and maintain RMF documentation including System Security Plans (SSPs), Security Assessment Reports (SARs), POA&Ms, Contingency Plans, and other artifacts.
• Conduct risk assessments and control validation activities in accordance with NIST SP 800-53 and other relevant guidelines.
• Coordinate with ISSMs, system owners, engineers, and assessors to ensure control implementation, evidence collection, and audit readiness.
• Perform continuous monitoring activities and maintain ongoing system security posture.
• Track and manage system accreditation status using tools such as eMASS, XACTA, or equivalent.
• Assist with internal and external security audits and inspections.
• Identify and recommend risk mitigation strategies to ensure compliance and enhance security.

• Bachelor’s degree in Cybersecurity, Information Systems, or a related technical field.
• Minimum of 3 years of hands‑on experience supporting RMF or similar compliance frameworks.
• Knowledge of NIST RMF standards (800-37, 800-53, 800-30).
• Experience with cybersecurity tools and risk management platforms (e.g., eMASS, ACAS, STIGs, SCAP tools).
• Active DoD 8570.01‑M certification (e.g., Security+, CAP, or CISSP).
• Strong written and verbal communication skills.
• Ability to work independently and collaboratively in a fast‑paced environment.
• Active U.S. government security clearance (Secret or higher preferred).

• Experience with DoD or federal civilian accreditation processes.
• Experience transitioning systems from DIACAP to RMF.
• Familiarity with cloud security compliance (FedRAMP, AWS/Azure controls)

• Active Secret Security Clearance is required.
• Must be a US Citizen and pass a background check.
• Maintain applicable security clearance(s) at the level required by the client and/or applicable certification(s) as requested by FEDITC and/or required by FEDITC’S Client(s)/Customer(s)/Prime contractor(s).

• Medical
• Vision
• 401K with 4% match
• Paid Time Off (PTO)
• Life and Disability Insurance
• Employee Assistance Program
• Flexible Spending Accounts (FSA)
• Dependent Care Reimbursement Program
• Group Term Life Insurance
• Supplemental Life and A&D Insurance
• Short & Long‑Term Disability
• Life Discount Program

Mid‑Senior level

Full‑time

Information Technology

Scott AFB, IL

FEDITC, LLC is committed to fostering an inclusive workplace and provides equal employment opportunities (EEO) to all employees and applicants for employment. We do not employ AI tools in our decision‑making processes. Regardless of race, color, religion, sex (including pregnancy), sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran, FEDITC, LLC.

ensures that all employment decisions are made in accordance with applicable federal, state, and local laws.