Risk Management Framework (RMF) Lead

Risk Management Framework Lead

DT Professionals is seeking a Risk Management Framework Lead to join our team. This role is responsible for driving collaboration across Information Systems Division (ISD) branches and key stakeholders to strengthen organizational cybersecurity and risk management capabilities. This role leads the implementation of automated, data-driven solutions and ensures alignment with NIST Risk Management Framework (RMF) standards to enhance cybersecurity posture and support informed, risk-based decision-making across the enterprise.

The ideal candidate brings deep expertise in information assurance, risk management frameworks, compliance requirements, and continuous monitoring programs, along with strong technical knowledge across modern IT environments. Responsibilities:

• Lead the execution and oversight of Risk Management Framework (RMF) activities across all phases of the system development lifecycle, including system categorization, security control selection, implementation, assessment, authorization, and continuous monitoring activities.
• Drive the enhancement and optimization of Continuous Monitoring (ConMon) programs by implementing automated, data-driven solutions to improve risk visibility, compliance tracking, and operational reporting.
• Conduct technical risk assessments across enterprise environments, evaluating vulnerabilities and threats affecting applications, endpoints, networks, cloud platforms, databases, and infrastructure components.
• Assess and ensure compliance with FISMA requirements and applicable NIST standards, providing risk recommendations and remediation strategies to support cybersecurity authorization and compliance efforts.
• Support cybersecurity operations through analysis of system architectures and environments including AWS, Azure, Google Cloud, hybrid infrastructures, Windows, Linux, macOS, virtualized systems, and containerized platforms.
• Utilize Governance, Risk, and Compliance (GRC) platforms such as CSAM, RegScale, and related tools to manage risk activities, maintain compliance artifacts, and track POA&M efforts.
• Analyze findings from vulnerability management and security monitoring tools including Tenable, Burp Suite, Prisma Cloud, Splunk, and asset/configuration management platforms to identify risks and support remediation activities.
• Develop technical documentation including security policies, SOPs, playbooks, memorandums, risk assessments, authorization packages, compliance reports, and operational procedures.
• Collaborate with cybersecurity engineers, system administrators, ISSOs, and cross-functional stakeholders to implement risk mitigation strategies and improve enterprise cybersecurity posture.

Minimum Requirements:

• Active Secret clearance.
• Bachelor's degree in Information Systems, Information Technology, Computer Science, Computer Engineering, Electrical Engineering, related technical field, or an additional four (4) years of relevant experience in lieu of a degree.
• Minimum of 7 years of professional experience with at least 5 years of technical experience performing information assurance, cybersecurity, and Risk Management Framework (RMF) activities.
• Active cybersecurity certification such as CASP+, GSEC, GSLC, CISSP, CEH, CISM, CISA, PMI-RMP, or comparable certification.
• Active Agile certification such as PMI-ACP, SAFe Agilist, CSM, or equivalent certification.
• Experience supporting Risk Management Framework (RMF) activities across all phases of the system lifecycle, including system categorization, control implementation, assessment, authorization, and continuous monitoring activities.
• Strong knowledge of FISMA compliance requirements and experience supporting security authorization and compliance efforts.
• Experience supporting Continuous Monitoring (ConMon) programs and implementing process improvements to enhance risk visibility and reporting.
• Experience developing and maintaining RMF artifacts and security documentation including SSPs, POA&Ms, risk assessments, authorization packages, SOPs, policies, playbooks, and reports.
• Broad technical understanding of enterprise IT environments including cloud and hybrid infrastructures (AWS, Azure, Google Cloud), Windows, Linux, and macOS operating systems, virtualized and containerized environments, enterprise networks, databases, and infrastructure platforms.
• Experience identifying, assessing, and evaluating cybersecurity risks across applications, networks, endpoints, cloud environments, and infrastructure layers.
• Experience utilizing Governance, Risk, and Compliance (GRC) tools such as CSAM, RegScale, or comparable platforms.
• Strong written and verbal communication skills with the ability to produce technical and operational documentation.

More about DT Professional Services:

We're looking for driven individuals to contribute to our talented & innovative team! At DT Professional Services, we offer insurance benefits that include medical, dental, and vision coverage, life insurance, long & short-term disability, 401(k) retirement plans (with employer match), tuition & certificate reimbursement, along with paid time off (vacation/sick/holidays). We are happy to offer growth opportunities for you to grow in your career - your success is our success!

DT Professional Services is a HUBZone certified Small Business; highly experienced in building award-winning custom software solutions. Established in 2013, we bring over a decade of experience delivering technology services and solutions that specialize in web & custom application development, project & program management, mobile & cloud computing services.

Our Mission is to provide cutting-edge, customer-oriented technology solutions that maximize value, drive engagement, and empower your business. We do this by employing talented & driven individuals who share the same goals and excitement for the work we do. DT Professional Services believes in fostering collaboration, career growth and building lasting relationships with our employees.