×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity

Senior IA Policy & Compliance​/RMF Lead

Job in Sierra Vista, Cochise County, Arizona, 85635, USA
Listing for: TekSynap
Full Time position
Listed on 2025-12-22
Job specializations:
  • IT/Tech
    Cybersecurity
Job Description & How to Apply Below
Responsibilities & Qualifications

RESPONSIBILITIES

  • Ensures compliance with current and emerging RMF requirements for all capabilities and services.
  • Risk Management Framework (RMF) is a DoD-mandated process for all systems, capabilities, services, network devices, and emerging capabilities operating on the DoDIN.
  • Use established Government guidelines and reporting procedures.
  • Coordinate with the Government Lead on overall priorities and changes to Government processes and procedures.
  • Manage and maintain a valid, current eMASS record for each system, capability, service, or pilot identified in Specific Tasks, and those identified by the Government as emerging requirements. eMASS records may be classified, unclassified, or both.
  • Utilize the RMF Knowledge Service, policy, and guidance in the accomplishment of all RMF tasks.
  • Develop and submit a System Security Plan for each new eMASS record or child record.
  • Apply all relevant control baselines and additional control overlays for each record.
  • Assign all baseline security controls and RMF overlay controls.
  • Assign inheritance per current DoD and Army continuous monitoring guidance.
  • Update and maintain the software and hardware list to reflect any changes for each system, capability, service, or pilot.
  • Update and maintain RMF records per site location, ensuring accurate hardware and software inventories, ACAS scans, and other unique site location data.
  • Update and maintain PPS/firewall documentation to reflect any changes for each system, capability, service, or pilot.
  • Ensure monthly production security scans are completed for each system, capability, service, or pilot and uploaded into the eMASS record.
  • Ensure STIGs are routinely addressed at least quarterly, and controls are implemented and updated within the eMASS record.
  • Update POA&Ms to reflect the results of the monthly security scans and STIG updates.
  • Ensure POA&M items accurately reflect strong corrective actions or mitigations that reduce the security threat to the DoDIN-A, Army data, and Army customers.
  • Verify that all remediation dates are achievable.
  • Publish the POA&M workflow IAW with Government processes and procedures.
  • Verify that applicable CTO POA&Ms are saved into Artifacts, that the vulnerability is addressed within the eMASS POA&M, and that the POA&M workflow is released.
  • Verify that system documentation is signed, reviewed on a yearly basis, and uploaded into the eMASS record.
  • Complete the Annual Security Review and release the workflow.
  • Update and maintain all other actions and functions within the eMASS record.
  • Submit workflow for an ATO once all eMASS records actions are verified to be current and accurate; ensuring the workflow is complete and accurate and submitted 90 days prior to ATO expiration date.
  • Attend monthly RMF updates on each system, capability, service, or pilot, as conducted to meet ATO suspense dates and development of new system authorizations.
  • Responsible for performing and leading support of Certification and Accreditation (C&A) or other IA/CND Compliance and Auditing processes and inspections for all enterprise systems and networks.
  • Ensures validity and accuracy review of all associated documentation.
  • Leads and performs compliance reviews of computer security plans, performs risk assessments, and validates and performs security test evaluations and audits.
  • Analyzes and defines security requirements for information protection for enterprise systems and networks.
  • Assists in the development of security policies.
  • Analyzes the sensitivity of information and performs vulnerability and risk assessments based on defined sensitivity and information flow.


    • REQUIRED QUALIFICATIONS

  • Active Top
    - Secret clearance
  • Active CISM or CISSO or FITSP-M or GCIA or GCSA or GCIH or GSLC or GICSP or CISSP-ISSMP or CISSP
  • Minimum of 12+ years of related IT experience
  • Bachelors degree in a related field
  • Complete DoD Enterprise Mission Assurance Support Service (eMASS) self-paced training within the transition-in period or 30 days after hiring.
  • Complete DoD training Enterprise Mission Assurance Support Service-eMASS (EM22014) virtual training within task order transition-in.
    • Overview

    We are seeking a Senior IA Policy &…

    Position Requirements
    10+ Years work experience
    To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
    (If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
     
     
     
    Search for further Jobs Here:
    (Try combinations for better Results! Or enter less keywords for broader Results)
    Location
    Increase/decrease your Search Radius (miles)

    Job Posting Language
    Employment Category
    Education (minimum level)
    Filters
    Education Level
    Experience Level (years)
    Posted in last:
    Salary
    Advanced Search