RMF Security Consultant

The Red Gate Group is seeking an experienced Risk Management Framework (RMF) Security Consultant to support the Defense Intelligence Agency (DIA) Chief Information Officer, Service Central Program Management Office (CIO-2). In this role you will provide expert guidance on cybersecurity strategy, RMF implementation, and security authorization processes to ensure DIA systems achieve and maintain Authority to Operate (ATO) in compliance with federal and IC security requirements.

Responsibilities:

* Serve as the subject matter expert on Risk Management Framework (RMF) implementation, providing strategic guidance to Government stakeholders on security authorization processes

* Lead and support Assessment and Authorization (A&A) activities throughout the system development lifecycle, from categorization through continuous monitoring

* Develop, review, and maintain System Security Plans (SSPs), Security Assessment Reports (SARs), and Plans of Action and Milestones (POA&Ms)

* Conduct security control assessments against NIST 800-53 and ICD 503 requirements for DIA information systems

* Advise program managers and system owners on security requirements, risk posture, and remediation strategies

* Collaborate with Information System Security Officers (ISSOs) and Information System Security Managers (ISSMs) to ensure compliance with DIA security policies

* Support the development and implementation of Continuous Monitoring strategies and processes

* Analyze security architectures and provide recommendations for security enhancements aligned with Zero Trust principles

* Prepare and deliver security briefings to senior Government leadership on system risk posture and authorization status

* Support Service Now Sec Ops module implementation for security workflow automation and vulnerability management tracking

* Assist with security requirements integration into Agile/Dev Sec Ops  development processes

* Coordinate with external stakeholders, including authorizing officials and security control assessors, throughout the A&A process

Qualifications:

* Active TS/SCI (CI Poly Preferred)

* Minimum 8 years of experience in cybersecurity, information assurance, or IT security consulting; at least a portion of experience must be within the last 2 years

* Experience developing and reviewing RMF documentation including SSPs, SARs, RTMs, and POA&Ms

* Master's degree in Cybersecurity, Information Security, Information Technology, Computer Science, or a related discipline from a college or university accredited by an agency recognized by the U.S. Department of Education OR Bachelor's degree in a related field from a college or university accredited by an agency recognized by the U.S. Department of Education, plus an additional 5 years of related senior experience (total of 13 years)

Travel Requirements:

* Travel will be required within Washington National Capital Region (NCR) on an as-needed basis for customer or corporate requirements.

Level of Responsibility:

* Work includes the exercise of discretion and independent judgment concerning matters of administrative/operational needs.

Level of Supervision

Required:

* The supervisor sets the overall objectives and resources available. The employee plans and carries out the assignment resolves most of the conflicts, coordinates work with others and interpret policy on own initiative. The employee keeps the supervisor informed of progress, potentially controversial matters, or far-reaching implications.

Work Environment:

* This job operates in a professional office environment. This role routinely uses standard office equipment such as computers and phones.

* While performing the duties of this job, the employee is regularly required to communicate within a team environment.

* Ability to type, sitting or standing, to complete work functions for hours at a time; ability to move between sitting, standing and walking on a frequent basis.

* This is a full-time position, requiring 40 hours per week on site, Monday through Friday, within the contract hours of 6:00 a.m. to 6:00 p.m.

Other Duties:

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.