RMF Process Lead (R-00177)

1 day ago
Full-time
Lead
Cybersecurity
True Zero Technologies

True Zero Technologies

True Zero Technologies specializes in cybersecurity programs and software solutions, focusing on proactive defense and IT engineering services.

Internet Software & Services
11-50
Founded 2016

Description

  • Own and manage the end-to-end RMF lifecycle, including categorization, control selection, implementation, assessment, authorization, continuous monitoring, and system disposal.
  • Assess current-state RMF processes, workflows, roles, data requirements, dependencies, pain points, and approval paths.
  • Design and implement standardized target-state RMF processes aligned with NIST, federal agency, and organizational requirements.
  • Translate existing RMF workflows, business rules, security documentation, control data, and authorization activities into the new GRC or RMF platform.
  • Serve as the primary functional subject matter expert for the new RMF solution, including workflows, data model, configurations, reporting, and user capabilities.
  • Lead requirements-gathering sessions with system owners, ISSOs, ISSMs, assessors, authorizing officials, engineers, and compliance stakeholders.
  • Define functional requirements, user stories, acceptance criteria, workflow rules, role-based permissions, notifications, and approval processes.
  • Review and validate migration of system records, controls, assessment results, POA&Ms, authorization packages, evidence, and supporting documentation.
  • Identify process gaps, data-quality issues, control-mapping inconsistencies, and configuration deficiencies, and coordinate corrective actions.
  • Establish RMF governance standards, operating procedures, templates, process guides, decision points, and quality-control requirements.
  • Coordinate solution testing, user acceptance testing, process validation, defect resolution, and production-readiness activities.
  • Develop training materials and provide role-based training, demonstrations, and knowledge transfer for users of the new RMF solution.
  • Monitor RMF process performance, authorization timelines, control-assessment status, POA&M remediation, and continuous-monitoring activities.
  • Provide leadership with dashboards, status reports, risk summaries, implementation updates, and recommendations for process improvement.
  • Drive user adoption and continuous improvement by incorporating stakeholder feedback, regulatory changes, lessons learned, and emerging cybersecurity requirements.

Requirements

  • Bachelor’s degree in cybersecurity, information technology, information systems, engineering, business, or a related field.
  • 8 or more years of experience supporting cybersecurity governance, risk management, compliance, security authorization, or RMF programs.
  • Demonstrated experience leading or owning end-to-end RMF processes within a federal government or highly regulated environment.
  • Expert knowledge of NIST RMF, NIST SP 800-37, NIST SP 800-53, FIPS 199, FIPS 200, and continuous-monitoring requirements.
  • Experience translating current-state business processes into standardized target-state workflows within a new technology platform.
  • Experience implementing, configuring, migrating to, or supporting enterprise GRC or RMF platforms such as RegScale, ServiceNow GRC, RSA Archer, eMASS, Xacta, CSAM, or equivalent solutions.
  • Strong understanding of authorization packages, System Security Plans, security controls, assessment procedures, POA&Ms, risk assessments, and authorization decisions.
  • Experience facilitating process-mapping, requirements-gathering, solution-design, testing, and stakeholder-validation sessions.
  • Ability to translate technical, regulatory, and operational requirements into clear system configurations, workflows, and user procedures.
  • Strong analytical, documentation, presentation, communication, and stakeholder-management skills.
  • Experience leading cross-functional teams and coordinating with system owners, cybersecurity personnel, assessors, engineers, program managers, and executive leadership.
  • Ability to identify process risks, resolve competing requirements, and guide stakeholders toward standardized enterprise solutions.

Benefits

  • No benefits or perks were listed in the job posting.

Interested in this position?

Apply directly on the company website

Apply Now

Similar Roles

Technical Program Manager – Level V(6234)

Dan.com - a GoDaddy brand Internet Software & Services

itD is hiring a Technical Program Manager – Level V to lead multi-year water and wastewater infrastructure and compliance programs supporting a large-scale data center portfolio.

7 minutes ago

Regional Program and Engagement Manager (MEA)

Nozomi Networks 251-1K Internet Software & Services

Nozomi Networks is hiring a Regional Program and Engagement Manager, MEA to oversee professional services delivery for customer engagements across the Middle East and Africa for its OT and IoT cybersecurity platform.

CRM Cybersecurity IoT JIRA Salesforce
7 minutes ago

Program Manager, PDLC

Vasion 251-1K Internet Software & Services

Vasion is hiring a Program Manager to help shape and run its Product Development Life Cycle across engineering and product teams, driving adoption, improving the framework, and keeping cross-functional programs moving from discovery through launch and growth.

Confluence JIRA Notion
22 minutes ago

Delivery Lead

Accenture 100K+ Professional Services

Accenture Federal Services is hiring a Delivery Lead to manage a team supporting U.S. federal client programs and drive delivery, planning, and execution of client objectives.

Agile BDD CI/CD Kanban Scrum
22 minutes ago

You're on a roll! Sign up now to keep applying.

Sign Up

Already have an account? Log in

Used by 14,729+ remote workers