Risk Management Framework SME
About The Position
GovCIO is currently hiring for a Risk Management Framework SME to support modernization effort. This position will be located in Hampton, VA on Joint Base Langley-Eustis and will be a fully onsite position. Responsibilities We are seeking a highly skilled Risk Management Framework (RMF) Subject Matter Expert (SME) with a strong information system security manager (ISSM) background and hands-on experience with XACTA. You will guide system owners, engineering, teams and leadership through the full RMF lifecycle- ensuring compliance, managing documentation, and supporting secure system operations across classified and unclassified environments. This position is located at Langley Air Force Base, Hampton, Virginia.
Requirements
- High School with 9+ years (or commensurate experience)
- Clearance: TS/SCI
- Proven experience supporting or performing duties as an ISSM or ISSO
- Hands-on experience with XACTA for RMF package development
- Experience with STIGs, ACAS, HBSS/Trellix, vulnerability management, and secure configuration baselines
- Strong communication skills and the ability to brief leadership and stakeholders
- DOD 8140 IAM Level III (CISSP, CISM, CCISO)
Nice To Haves
- Experience supporting complex, multi-system environments or programs of record
- Experience supporting CCRI/ Command Cyber Readiness Inspections
- Experience with DOD networks (NIPR, SIPR, JWICS)
Responsibilities
- Lead and manage the full DOD RMF process for assigned systems
- Provide ISSM-level oversight and guidance to ensure compliance with DOD, NIST and agency-specific security policies
- Develop, maintain, and validate RMF documentation including System Security Plans, Security controls traceability matrices, POA&M, and systems categorization artifacts
- Utilize XACTA for control implementation, evidence upload, package creation, workflow, management, and assessment preparation
- Work closely with engineers, administrators, developers, and mission stakeholders to ensure secure design and architecture decisions
- Lead assessment preparation activities and support independent audits, CCRI reviews, and Authorizing Official (AO) evaluations
- Conduct vulnerability analysis, risk assessment and remediation planning
- Guide continuous monitoring activities: STIG compliance, vulnerability scanning, patch management review, and incident documentation
- Serve as a subject matter expert for cybersecurity policy interpretation, control inheritance, and risk acceptance recommendations
- Provide training, mentoring and support to security analysts and program team members
Benefits
- Employee Assistance Program (EAP)
- Corporate Discounts
- Learning & Development platform, to include certification preparation content
- Training, Education and Certification Assistance
- Referral Bonus Program
- Internal Mobility Program
- Pet Insurance
- Flexible Work Environment
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
High school or GED
Number of Employees
501-1,000 employees
