RMF Security Consultant

The Red Gate Group is seeking an experienced Risk Management Framework (RMF) Security Consultant to support the Defense Intelligence Agency (DIA) Chief Information Officer, Service Central Program Management Office (CIO-2). In this role you will provide expert guidance on cybersecurity strategy, RMF implementation, and security authorization processes to ensure DIA systems achieve and maintain Authority to Operate (ATO) in compliance with federal and IC security requirements.

• Serve as the subject matter expert on Risk Management Framework (RMF) implementation, providing strategic guidance to Government stakeholders on security authorization processes
• Lead and support Assessment and Authorization (A&A) activities throughout the system development lifecycle, from categorization through continuous monitoring
• Develop, review, and maintain System Security Plans (SSPs), Security Assessment Reports (SARs), and Plans of Action and Milestones (POA&Ms)
• Conduct security control assessments against NIST 800-53 and ICD 503 requirements for DIA information systems
• Advise program managers and system owners on security requirements, risk posture, and remediation strategies
• Collaborate with Information System Security Officers (ISSOs) and Information System Security Managers (ISSMs) to ensure compliance with DIA security policies
• Support the development and implementation of Continuous Monitoring strategies and processes
• Analyze security architectures and provide recommendations for security enhancements aligned with Zero Trust principles
• Prepare and deliver security briefings to senior Government leadership on system risk posture and authorization status
• Support Service Now Sec Ops module implementation for security workflow automation and vulnerability management tracking
• Assist with security requirements integration into Agile/Dev Sec Ops  development processes
• Coordinate with external stakeholders, including authorizing officials and security control assessors, throughout the A&A process

• Active TS/SCI (CI Poly Preferred)
• Minimum 8 years of experience in cybersecurity, information assurance, or IT security consulting; at least a portion of experience must be within the last 2 years
• Experience developing and reviewing RMF documentation including SSPs, SARs, RTMs, and POA&Ms
• Master's degree in Cybersecurity, Information Security, Information Technology, Computer Science, or a related discipline from a college or university accredited by an agency recognized by the U.S. Department of Education OR Bachelor's degree in a related field from a college or university accredited by an agency recognized by the U.S. Department of Education, plus an additional 5 years of related senior experience (total of 13 years
  )