Security, RMF Lead

🕒 May 27

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

Essnova Solutions, Inc.

WebsiteLinkedInAll Job Openings

11 - 50 employees

Founded 2005

🏛️ Government

🔒 Cybersecurity

🤖 Artificial Intelligence

Government • Cybersecurity • Artificial Intelligence

Essnova Solutions, Inc. is a technology and professional services firm that provides IT solutions, value‑added reseller (VAR/ITVAR) services, geospatial and environmental solutions, staff augmentation and healthcare support, and digital citizen/customer experience services to federal, state & local governments, education, commercial, and healthcare clients. The company is a certified 8(a) and HUBZone small business with multiple GSA contracting vehicles and focuses on cloud migration, big data and AI, information and cybersecurity, program and project management, and end‑to‑end technology implementation and support.

📋 Description

• Maintain System Security Plans (SSPs) as living documents for all NCHS systems, ensuring timely updates after security-impacting changes. • Manage Plan of Action & Milestones (POA&Ms) with quarterly progress reviews, closure evidence, and remediation tracking. • Remediate vulnerabilities within mandated timelines, track findings through closure, and provide retesting evidence. • Prepare Authorization to Operate (ATO) packages—including SSPs, POA&M status, assessment results, and risk analysis—for Authorizing Official review. • Conduct annual security assessments of one-third-plus-key-controls using CSAM or equivalent tools. • Submit monthly authenticated vulnerability and application scan results by the fifth business day. • Coordinate among developers, system owners, and security staff, and liaise with CDC CSPO, NCHS SSPO, and CDC Enterprise Architects. • Follow CDC CSPO Change Management SOP, including security impact analysis for post-ATO changes. • Support implementation of the Risk Management Framework (RMF), FISMA compliance, and OMB directives. • Produce security-related EPLC artifacts for governance and stage-gate reviews. • Lead SSP development during the 30-day transition-in activation sequence and support SSP submission within 30 days of contract award. • Support PTA/PIA activities with CDC privacy officials.

🎯 Requirements

• Bachelor's degree in cybersecurity, information assurance, computer science, or a related field • 6+ years of federal information security experience applying NIST RMF (NIST SP 800-37) • Experience developing and maintaining SSPs, POA&Ms, and ATO packages for FIPS 199 Moderate or higher systems • Experience using vulnerability scanning results to track remediation to closure (including retesting evidence) in a federal environment • Hands-on experience with federal security management tools (CSAM and eMASS) • Working knowledge of NIST SP 800-53 Rev. 5 and NIST SP 800-53A • Knowledge of FISMA 2014 reporting and OMB security directives • Knowledge of Privacy Act and E-Government Act privacy provisions, including PTA/PIA processes • Experience coordinating with federal ISSOs/CISOs and security authorization officials • Active Tier 4 / High Risk / Public Trust Level 6+ clearance at proposal submission • Eligibility for HSPD-12/PIV • Availability to work during Eastern Time (ET) business hours

🏖️ Benefits

• Medical, dental, and vision insurance • 401(k) with company match • Paid time off + federal holidays • Fast-track growth in a high-accountability culture