Jul 27
Public Trust
Early Career (2+ yrs experience)
$135,000
No Traveling
IT - Security
Remote/Hybrid • Washington, DC (Off-Site/Hybrid) • Arlington, VA (Off-Site/Hybrid) • Tysons, VA (Off-Site/Hybrid)
The RMF/ISSO will provide support to GPO SOC activities by managing the Assessment & Authorization (A&A) process and ensuring continuous compliance with federal cybersecurity standards. Key responsibilities include:
- Planning, implementing, upgrading, and monitoring security measures for the protection of networks, systems, and data.
- Conducting vulnerability assessments, identifying risks, and implementing mitigation strategies.
- Ensuring appropriate NIST 800-53 controls are applied and remain effective for safeguarding digital files and infrastructure.
- Coordinating responses to security incidents, breaches, and malware events.
- Maintaining Plan of Action & Milestones (POA&Ms), providing continuous reporting, and recommending remediation strategies.
- Supporting FISMA compliance and maintaining inventory records within Xacta360 or similar A&A tools.
- Preparing documentation and risk artifacts required for system ATO (Authority to Operate) packages.
- Liaising with SOC leadership and stakeholders to ensure cybersecurity policies and practices remain aligned with organizational objectives.
Required Qualifications
- 3+ years of RMF/ISSO experience in federal government or GovCon environments.
- Working knowledge of NIST SP 800‑37, NIST 800‑53 Rev 5 controls, and FISMA requirements.
- Experience with A&A tools such as Xacta360 or eMASS.
- Familiarity with GCC-H/GCC cloud environments.
- Strong documentation, stakeholder coordination, and security compliance reporting skills.