The following states/districts are excluded from this job ad: AK, CA, CO, CT, DC, HI, LA, MA, MN, MO, NE, NV, NH, NJ, NM, NY, ND, OR, PR, RI, VT, WA, WY
Future Need - Actively Interviewing
Location: Remote in any United States jurisdiction not excluded from this job advertisement.
As the RMF, Security & ATO Manager, you will lead Risk Management Framework, cybersecurity, and Authority to Operate activities for a complex multi-tenant cloud environment, ensuring continuous compliance, zero ATO lapses, and a proactive security posture across a healthcare platform and all hosted tenant applications.
Position Description: The Risk Management Framework (RMF), Security & Authority to Operate (ATO) Manager serves as the lead for cybersecurity compliance, RMF implementation, and authorization activities supporting a mission-critical VA healthcare platform.
Minimum/General Experience: 10 years of experience in federal cybersecurity, information assurance, RMF compliance, and ATO processes
Minimum Education: Bachelor's Degree in cybersecurity, information assurance, computer science, or related field
Essential Skills/Qualifications:
- Expert ability to ensure all security and authorization activities are executed in accordance with approved cybersecurity policies, RMF processes, and Government security requirements
- Expert experience managing RMF and ATO processes for complex enterprise or mission-critical systems
- Expert knowledge of the NIST RMF steps (Prepare, Categorize, Select, Implement, Assess, Authorize, Monitor, as defined in NIST SP 800-37 Rev. 2)
- Expert experience managing federal ATO/ATC packages, continuous monitoring programs, and POA&M lifecycle management
- Expert understanding of VA Office of Information Technology (OI&T) security governance, directives, and VA Handbook 6500 series
- Excellent knowledge of Federal cybersecurity frameworks, security compliance processes, and continuous monitoring practices
- Excellent experience conducting and coordinating security audits
- Excellent ability to produce and maintain all required RMF security documentation
- Excellent knowledge of multi-tenant ATO inheritance frameworks, authorization boundaries, and security control allocation between platform and tenant layers
- Above average experience with vulnerability scanning tools (e.g., Nessus), Static Application Security Testing (SAST) integration, and vulnerability remediation tracking
- Above average knowledge of healthcare and privacy control implementation in a cloud-hosted environment
- Knowledge of VA Technical Reference Model (TRM) submission processes, connection management, and credential/account access audit requirements
- Experience using SNOWCAM
- Experience supporting Federal Government programs and systems operating in cloud or hybrid environments
- Excellent verbal and written communication skills
General Physical Requirements needed to perform the essential functions of this job may vary based on the location of the assignment.
- Assignment Location - Remote
- Sedentary Work - Exerting up to 10 pounds of force occasionally and/or a negligible amount of force frequently or constantly to lift, carry, push, pull or otherwise move objects.
- Typing, communicating, repetitive motions.
- Close visual acuity to prepare and analyze data, view computer monitors and read. May need to view presentation screens and other visual aids in a virtual setting.
- Inside environmental conditions with protection from outside elements.
Security: Active Federal Civilian Public Trust clearance
- U.S. citizen, or permanent resident who has lived in the United States for at least 3 years
A Federal Civilian Public Trust investigation consists of a review including, but not limited to:
- Covers 10 year period and in some instances lifetime events
- OPM Security Investigations Index (SII)
- DOD Defense Central Investigations Index (DCII)
- National Agency Check (NAC) records
- FBI name check
- FBI fingerprint check
- Credit report check
- Written inquiries to previous employers and references listed on the application for employment
- Potential interviews with the subject, spouse, neighbors, supervisor, coworkers
- Law enforcement check
- Court records check
- Education check - Attendance and Degrees
Tasks/Activities include, but are not limited to:
- Maintains regular communication with the Contracting Officer's Representative (COR) and Government cybersecurity leadership regarding system authorization status, security posture, and risk mitigation activities
- Manages all steps of the NIST RMF process (Prepare through Monitor) for the VA healthcare platform and all hosted applications
- Ensures zero lapses in ATO status
- Initiates, manages, and sustains all ATO/ATC packages, including oversight of periodic assessment activities and staffing of all ATO audits
- Leads and coordinates all security audits and assessments including internal and external assessment teams
- Attends all audit meetings, provides documentation, and reviews all findings for accuracy
- Develops and maintains the platform authorization strategy defining ATO inheritance frameworks, tenant onboarding standards, and platform security guardrails
- Creates and maintains all POA&Ms ensuring proper NIST security family alignment, mapping, milestone accuracy, and timely closure of findings
- Produces and delivers monthly RMF, security, and ATO status reports
- Conducts and maintains incident response and disaster recovery tabletop exercises annually or as mandated
- Reports exercise results to leadership and implements all corrective actions
- Manages credential and account audits
- Submits and maintains internal and external connection requests
- Manages full lifecycle connection requests (e.g., submission, approval, removal)
- Ensures full compliance with all applicable VA security and privacy directives
Compensation & Benefits: The annual projected pay range for this position is $131,725 - $171,026 with consideration being given to various factors including but not limited to qualifications, experience, job responsibilities, and geographic location.
Oxley Enterprises, Inc. offers a full array of benefits including:
- Medical, dental, vision and prescription drug coverage for you and your family.
- Life Insurance, short-term disability and long-term disability paid for by the Company.
- Supplemental coverages including Accident, Critical Illness, and Hospital.
- Additional Life insurance coverage for you and your dependents.
- 401k plan with various options to select based on your retirement goals.