GRC / NIST RMF Specialist

Job Description

Job Description

Apogee Global RMS is seeking a GRC / NIST RMF Specialist to support federal programs requiring disciplined governance, risk, and compliance execution. This role is built for practitioners who understand the full lifecycle of NIST RMF, can translate controls into actionable engineering guidance, and can partner with federal stakeholders to drive accreditation success.

You will serve as a trusted advisor across security, engineering, and mission teams — ensuring that compliance is not a paperwork exercise but a strategic enabler of secure operations.

What You Will Lead:

• Full lifecycle NIST RMF execution (Categorization → Continuous Monitoring)
• Development and refinement of SSPs, POA&Ms, SARs, and control evidence packages
• Security control assessments, gap analyses, and remediation planning
• Advisory support for ATO readiness, audit preparation, and stakeholder coordination
• Risk analysis and prioritization aligned to mission, system, and organizational impact
• Collaboration with engineering teams to ensure controls are implemented effectively
• Continuous monitoring strategy, reporting, and compliance sustainment

Requirements

Certifications:

• CISA
• CRISC
• CISM
• NIST RMF training (FedVTE or equivalent)
• ISO 27001 Lead Auditor is a meaningful differentiator, especially for commercial‑adjacent bids

Technical & Functional Expertise:

• Deep understanding of NIST 800‑53, NIST RMF, and federal security baselines
• Experience preparing ATO packages and supporting federal accreditation processes
• Ability to translate compliance requirements into clear, actionable engineering tasks
• Strong writing and documentation skills for federal audiences
• Experience working with ISSOs, ISSEs, SCA teams, and federal program leadership

Location & Clearance:

• Must reside in the NCR (DC/MD/VA)
• Secret clearance minimum; clearable candidates considered

Expected Skills:

• Operates with precision, structure, and clarity
• Understands both the technical and policy sides of federal cybersecurity
• Can guide teams through complex accreditation processes without friction
• Communicates confidently with auditors, assessors, and mission stakeholders
• Thrives in high‑trust, high‑impact advisory environments

Benefits

Why Apogee:

Apogee supports federal programs in this prime engagement where governance and risk decisions directly influence mission readiness. You’ll work with senior stakeholders, shape compliance strategy, and operate in an environment that values expertise, discipline, and operational excellence.

How to Apply

For any questions (OR) to apply, please contact us at View email address on ziprecruiter.com .