Demo
Salary Resume Critique Job Openings

Senior RMF Subject Matter Expert

Iron Vine Security, LLC
Washington, DC Full Time
POSTED ON 1/21/2025
AVAILABLE BEFORE 4/21/2025

Job Requirements :

  • 8 years of Executive-Level cyber RMF consulting experience advising Cybersecurity programs in large federal organizations.
  • Strong interpersonal and human relations skills, including ability to communicate technical concepts to non-technical personnel.
  • Strong written, verbal, and presentation skills, including demonstrated ability to interact effectively with Senior Agency management and leadership.
  • Strong stakeholder management and engagement skills with staff at all levels, including ability to collaborate with people of varied technical backgrounds and management levels.
  • Advanced understanding of and experience with GRC tools, policy, procedures, and processes, including (but not limited to) FISMA audits and compliance, NIST, RMF, and recent Executive Orders.
  • Experience with NIST Risk Management Framework and Governance, Risk & Compliance (GRC) and Information Assurance capabilities / tools.
  • Strong familiarity with NIST Risk Management Framework at the subject matter expert level, particularly including SP 800-30, -37, -39, -137, -53, and -53A / B.
  • Ability to guide the development of enterprise-specific implementation guidance for agency management.
  • Ability to analyze and interpret Federal legislation, directives, Office of Management and Budget (OMB) mandates, and guidance provided by the National Institute of Standards and Technology (NIST) against existing information security and privacy policy to identify required updates.
  • Ability to conduct research on new and emerging information technologies and develop comprehensive information security and privacy policy, standards / guidelines, and procedures to facilitate the implementation of information security and privacy controls. Must have working knowledge of the Privacy Act of 1974 (as amended), the Federal Information Security Modernization Act (FISMA).
  • Manage the program team and oversee the development of Enterprise Information Security Trainings and Enterprise Outreach Campaign Plans.

Certifications / Licenses :

  • A Bachelor's degree from an accredited college in systems engineering, computer science, computer engineering, information technology, management information systems or equivalent.
  • Combined 13 years in cyber, IT or related fields.
  • At least one Cybersecurity or related certification. Preferred include :
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Systems Auditor (CISA)
  • Certified Information Security Manager (CISM)
  • GIAC Security Essentials Certification (GSEC)
  • Certified Authorization Professional (CAP)
  • Project Management Professional (PMP).
  • Active Secret clearance or higher.

    • Additional Experience Preferred :

  • Planning, developing, and implementing enterprise-scale cyber security programs for Federal Agencies.

    • o Planning and overseeing cyber and information security policies, processes, and procedures management activities.

    o Experience managing Security Controls Assessment teams.

    o Experience overseeing the development and execution of security and privacy assessment plans in accordance with NIST SP 800-53A, as amended, requirements, for each security assessment project.

    o Experience overseeing enterprise-scale standards, guidance, administration, templates, reports, processes and procedures, and leverage communication vehicles used by the key stakeholders.

  • Knowledge of penetration testing principles, tools, and techniques.
  • Knowledge of an organization's threat environment.
  • Experience with tools such as ServiceNow, Cylance, Tenable, Netsparker, Symantec DLP and Federal GRC tools (Xacta, CSAM, RSA Archer, Trusted Agent FISMA, Archangel, eMASS, etc.).

    • Position Responsibilities :

  • Be a driver of holistic and enterprise-scale changes in cyber-security programs within large Federal clients. Act as a "disruptor to the status-quo" to drive needed changes to cybersecurity and related agency-wide workflows (Privacy, SDLC, procurement, etc.) to ensure that security and privacy best-practices and statutory and regulatory requirements are met in a holistic and cost-effective manner.
  • Provide consultation expertise at various levels with a large Federal agency to develop and maintain enterprise-scale cyber security program that reacts quickly to changing regulatory and operational drivers, including emerging technical, operational and management risk-drivers :

    • o Participate in Daily, Weekly, and Monthly status meetings with key Government personnel, at times on short notice, to ensure stakeholders are informed of program status and progress on various cyber initiatives. Provide an opportunity to set priorities, identify opportunities or concerns, and coordinate resolution of identified problems.

    o Develop program level security documentation, audit liaison activities, and compliance oversight activities to strengthen the security program and promote compliance with the Risk Management Framework (RMF).

    o Support the performance of independent security and privacy control assessments in support of Security Assessment & Authorization (SA&A).

    o Support the management and implementation of continuous monitoring solutions to increase the visibility and transparency of network activity.

    Skills & Requirements Qualifications

    NOTES :

    Iron Vine Security is an equal opportunity employer. All qualified applicants are considered for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other category protected by applicable federal, state or local laws.

    Iron Vine Security is a federal contractor. As such, we are subject to an Executive Order requiring all employees of federal contractors to be fully vaccinated for COVID-19 by December 8, 2021. Therefore, by applying for this position, you understand that you will be required to verify that you have been, or will be, fully vaccinated by December 8, or to verify that you cannot be vaccinated due to a legally recognized exception to the vaccine mandate set forth in the Executive Order.

    Note : An individual is not considered to be fully vaccinated until two weeks after receiving the second vaccine dosage in a vaccine regimen involving two vaccines.

    If your compensation planning software is too rigid to deploy winning incentive strategies, it’s time to find an adaptable solution. Compensation Planning
    Enhance your organization's compensation strategy with salary data sets that HR and team managers can use to pay your staff right. Surveys & Data Sets

    What is the career path for a Senior RMF Subject Matter Expert?

    Sign up to receive alerts about other jobs on the Senior RMF Subject Matter Expert career path by checking the boxes next to the positions that interest you.
    Income Estimation: 
    $171,018 - $218,368
    Income Estimation: 
    $146,514 - $195,399
    Income Estimation: 
    $152,549 - $188,894
    Income Estimation: 
    $194,072 - $240,547
    Income Estimation: 
    $135,994 - $168,063
    Income Estimation: 
    $161,209 - $233,553
    Income Estimation: 
    $112,673 - $137,290
    Income Estimation: 
    $139,945 - $168,577
    Income Estimation: 
    $140,233 - $181,029
    Income Estimation: 
    $161,209 - $233,553
    Income Estimation: 
    $139,945 - $168,577
    Income Estimation: 
    $164,835 - $201,088
    Income Estimation: 
    $135,994 - $168,063
    Income Estimation: 
    $161,209 - $233,553
    Income Estimation: 
    $194,072 - $240,547
    Income Estimation: 
    $220,784 - $286,649
    Employees: Get a Salary Increase
    View Core, Job Family, and Industry Job Skills and Competency Data for more than 15,000 Job Titles Skills Library

    Job openings at Iron Vine Security, LLC

    Deputy Incident Response Analyst
    Iron Vine Security, LLC
    Hired Organization Address Baltimore, MD Full Time
    Position Title : Deputy Incident Response Analyst Location : Baltimore, MD Hours : 8 am - 4pm (On-Call as Needed) Positi...
    Mid Security Analyst
    Iron Vine Security, LLC
    Hired Organization Address Baltimore, MD Full Time
    Position Title : Security_Analyst_(Mid) Location : Baltimore, MD Hours : 9 am - 5pm Position Summary : Iron Vine Securit...
    View More Jobs at Iron Vine Security, LLC

    Not the job you're looking for? Here are some other Senior RMF Subject Matter Expert jobs in the Washington, DC area that may be a better fit.

    Senior RMF Subject Matter Expert

    Iron Vine Security, LLC Career Center, Washington, DC

    Radar Subject Matter Expert, Senior

    Resource Management Concepts, Inc., Alexandria, VA

    View More Jobs

    AI Assistant is available now!

    Feel free to start your new journey!