Guidehouse
Risk Management Framework (RMF) SME
Guidehouse, Washington, DC
Job Family:
IT Cyber Security
Travel Required:
None
Clearance Required:
Active Top Secret (TS)
What You Will Do:
Guidehouse is seeking a Risk Management Framework (RMF) SME who will be responsible for providing project and process support to client system owners and system security officers during all phases of the RMF process. Responsibilities include the following:
- Developing and maintaining RMF project plans and status updates.
- Reviewing NIST SP 800-37 RMF ATO packages, policy, and procedure documents and related artifacts in accordance with applicable standards and regulations.
- Reviewing security documentation and working with system technical teams to support the creation and maintenance of technical documentation.
- Advising client stakeholders on the adherence of security and privacy control implementations to NIST SP 800-53 and Intelligence Community requirements.
- Performing walkthrough interviews and maintaining communication with a variety of client stakeholders, including system technical personnel such as network engineers, developers, and system administrators.
- Requesting, obtaining, and reviewing compliance artifacts to assist in executing security and privacy controls testing such as security plans, SOPs, system screenshots, and system configuration settings.
- Aiding in the evaluation of security and privacy controls using provided artifacts, industry-standard guidance, leading practices, and professional judgement.
- Summarizing and communicating security and privacy control assessment results to a variety of client stakeholders, including senior leadership.
- Facilitating third-party security assessment activities.
- Working with client personnel to understand and analyze known security control weaknesses, identify root causes, and develop remediation plans.
- Providing subject matter expertise to client personnel on all matters relating to IT controls and responding to ad-hoc IT controls requests from client personnel.
- Facilitating resolution of POA&M items.
- Serving as liaison between client management and associated stakeholders for all authorization and information security related issues.
What You Will Need:
- An ACTIVE and MAINTAINED TOP SECRET Federal or DoD security clearance
- Bachelor's degree
- FIVE (5) or more years of work experience related to Risk Management Framework (RMF) or IT Security or Information Security or Information Assurance or Information Technology and/or Cybersecurity
What Would Be Nice To Have:
- Experience as Information System Security Officer preferred.
- Experience supporting customers in a client-facing environment.
- Experience in executing all phases of the RMF process to achieve and maintain ATO certification.
- Demonstrated experience facilitating meetings, interfacing with stakeholders, and creating, analyzing, and/or updating system security documentation to support ATO requirements.
- Excellent written and verbal communication skills.
- Demonstrated ability to use effective facilitation and presentation skills and techniques.
- Ability to work onsite at client site in Washington DC a minimum of three days a week.
- Experience with cybersecurity technologies and/or Information Assurance in the federal space.
- Experience creating and updating Authorization to Operate package artifacts such as Privacy Plans, Contingency Plans (CP), Contingency Plan Tests (CPT), and System Security Plans (SSP).
- Experience with Intelligence Community and National Security System cybersecurity requirements.
- Understanding of Zero Trust.
- Understanding of security considerations associated with emerging technology such as Artificial Intelligence (AI).
- Working knowledge of client Governance, Risk & Compliance (GRC) tools such as XACTA or Archangel.
- Understanding and knowledge of federal information security and assurance laws, requirements, and guidance (i.e. FISMA, EO 14028).
- Demonstrated ability to multi-task and adapt to changing environments.
- Demonstrated ability to offer solutions and convey business impacts to clients in a clear and concise manner.
- Demonstrated ability to work collaboratively with others in a team environment.
- Proficiency in Microsoft Excel, Word, and PowerPoint.
The annual salary range for this position is $115,200.00-$172,800.00. Compensation decisions depend on a wide range of factors, including but not limited to skill sets, experience and training, security clearances, licensure and certifications, and other business and organizational needs.
What We Offer:
Guidehouse offers a comprehensive, total rewards package that includes competitive compensation and a flexible benefits package that reflects our commitment to creating a diverse and supportive workplace.
Benefits include:
- Medical, Rx, Dental & Vision Insurance
- Personal and Family Sick Time & Company Paid Holidays
- Position may be eligible for a discretionary variable incentive bonus
- Parental Leave and Adoption Assistance
- 401(k) Retirement Plan
- Basic Life & Supplemental Life
- Health Savings Account, Dental/Vision & Dependent Care Flexible Spending Accounts
- Short-Term & Long-Term Disability
- Student Loan PayDown
- Tuition Reimbursement, Personal Development & Learning Opportunities
- Skills Development & Certifications
- Employee Referral Program
- Corporate Sponsored Events & Community Outreach
- Emergency Back-Up Childcare Program
- Mobility Stipend
About Guidehouse
Guidehouse is an Equal Employment Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, national origin, ancestry, citizenship status, military status, protected veteran status, religion, creed, physical or mental disability, medical condition, marital status, sex, sexual orientation, gender, gender identity or expression, age, genetic information, or any other basis protected by law, ordinance, or regulation.
Guidehouse will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of applicable law or ordinance including the Fair Chance Ordinance of Los Angeles and San Francisco.
If you have visited our website for information about employment opportunities, or to apply for a position, and you require an accommodation, please contact Guidehouse Recruiting at [redacted] or via email at RecruitingA[redacted]. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodation.
Guidehouse does not accept unsolicited resumes through or from search firms or staffing agencies. All unsolicited resumes will be considered the property of Guidehouse and Guidehouse will not be obligated to pay a placement fee.