RMF Lead - Risk Management Support Task Lead - Secret or TS

Job Title: RMF Lead – Risk Management Support Task Lead

Location: Scott AFB, IL – St. Clair County – On Site

Clearance Required: Active Secret or Top-Secret

Salary Range: $135K-$165K Based on Experience

Final date to receive applications: June 30, 2026

Leads the risk management support team on the Senior Information Security Officer (SISO) effort, managing on-site deliverables and serving as the day-to-day technical lead for Information Systems Security Engineering (ISSE), security control assessment, and vulnerability management across the approximately 40 systems in the portfolio. Executes the DoD Risk Management Framework (RMF) per DoDI 8510.01 and NIST SP 800-37 Rev 2 across on-premises and commercial cloud environments.

Reports to the Task Order Program Manager and coordinates directly with the Government functional lead.

• Lead execution of the DoD Risk Management Framework (DoDI 8510.01; NIST SP 800-37 Rev
  2) across on-premises and commercial cloud (Azure/AWS) environments for assigned USTRANSCOM systems
• Manage on-site deliverables and coordinate directly with the Government functional lead on priorities, schedules, and work products
• Direct ISSE lifecycle support consistent with NIST SP 800-160 Vol I and Vol II, including security architecture and control-selection input
• Oversee security control assessment and continuous monitoring, producing risk analyses and recommendations for the Security Control Assessor (SCA) and Authorizing Official (AO)
• Lead vulnerability management - ACAS scanning, DISA STIG compliance, IAVM tracking, and POA&M development and remediation
• Drive eMASS workflows (package build, control assessment, artifact review) and complete RMF triage within required timelines
• Supervise team utilization, schedules, and the quality of risk-management work products across the support team
• Brief risk posture, residual risk, and mitigation recommendations to Government stakeholders and S2i2 program leadership

• Minimum 7 years leading teams in Information Systems Security Engineering (ISSE), security control assessment, and vulnerability management within the DoD
• Proven expertise applying the Risk Management Framework (RMF) to DoD systems
• Active DoD 8570.01-M / 8140 Information Assurance Management (IAM) Level III certification (e.g., CISM or CISSP)
• Demonstrated hands‑on experience with eMASS, ACAS, and DISA STIGs
• Active SECRET or TS clearance

• Scott AFB, or other Combatant Command / Joint headquarters cyber experience
• Prior service as a Security Control Assessor Representative (SCAR) on behalf of an SCA/AO
• Experience managing RMF across a large multi‑system portfolio (30+ systems)
• NIPRNet and SIPRNet experience; commercial cloud (Azure/AWS) authorization experience
• Familiarity with Zero Trust implementation across on-premises and cloud applications
• Bachelor's degree in cybersecurity, information systems, or a related technical field

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, veteran status, or genetic information.