RMF Security and ATO Manager

Job Summary

To support a mission-critical enterprise platform within the Department of Veterans Affairs, the remote Risk Management Framework (RMF), Security, and Authorization to Operate (ATO) Manager will oversee cybersecurity compliance, manage the RMF lifecycle, and coordinate with government stakeholders to ensure continuous ATO status and adherence to federal cybersecurity requirements.

Key Responsibilities

• Lead all RMF and ATO activities, managing the full RMF lifecycle to ensure compliance and authorization status
• Oversee the development and maintenance of security documentation, ensuring alignment with federal and healthcare security requirements
• Manage continuous monitoring activities, including vulnerability scanning and risk mitigation, while coordinating with engineering and operations teams

Required Qualifications

• Deep expertise in Federal cybersecurity frameworks and RMF lifecycle management
• Experience with security documentation, including System Security Plans (SSPs) and Security Assessment Reports
• Knowledge of compliance requirements such as NIST SP 800-53, FISMA, and HIPAA
• Proficiency in managing cybersecurity risks in cloud or hybrid environments
• Strong background in continuous monitoring and vulnerability management processes