Leidos Cybersecurity Team is searching for a RMF Manager to support a government customer on site at the Pentagon. The primary responsibilities for the position are to manage the Risk Management Framework (RMF) activities for the 844CS NMCC. The nature of the work requires that the candidate demonstrate initiative, organization, responsibility, customer service skills, and the ability to be flexible and adaptive to a fast-paced environment. The candidate must be able to communicate effectively and decisively with all levels of the organization and be able to solve practical problems as well as exercise sound judgement with regards to sensitive and confidential information.
Oversee system security control assessments in support of initial Authorization to Operate (ATO) decisions and continuous monitoring/ongoing authorization
Planning, coordinating, and implementing the organization's information security.
Plan, initiate, and manage information technology (IT) projects. Lead and guide the work of technical staff.
Develop and control deadlines and activities
Prepare reports for senior leadership
Validate the deliverables and submit them to the government for final review, sign-off, and submission
Provides oversight and approval of technical approaches, products and processes
Manages, develops and motivates employees
Develops and executes project and process plans, implements policies and procedures and set operational goals
Supervises teams, establishes milestones and monitors adherence to operation plans and schedules.
Provide technical analysis and supporting information throughout cybersecurity risk management activities such as: categorization of an information system, selection of security controls, implementation of security controls and provide comprehensive assessments of an organization’s risk posture.
Bachelor's degree or equivalent work or military experience
8+ years of experience in cybersecurity policies and implementation of Risk Management Framework (RMF): e.g. DAAPM, CNSSI 1253, ICD-503, JSIG, or NIST SP 800 series
Experience developing and managing strong relationships with partners (internal & external) and government customers and representatives
Experience working with a government agency in a compliance capacity
Experience in cross-functional leadership, collaborative problem solving, building lasting relationships & proficiency in written and verbal communication
Experience with project management in a leadership capacity
US Citizenship required-Active TS/SCI government security clearance required
Preferred Qualifications (Desired Skills/Experience):
Experience with certification and accreditation (C&A) or A&A and as a security control assessor or validator.
Experience with developing, implementing and maintaining guidelines, policies, and procedures supporting a cybersecurity program
Strong knowledge of the NIST Cybersecurity Framework
Experience with NIST special publications (SPs) regarding the A&A process, including SP 800-53, SP 800-137, SP 800-171, and SP 800-37
Experience with developing and managing continuous monitoring and plans of action and milestones (POA&M)
Experience with assessing systems following federal cybersecurity guidelines and best practices