RiskManagementFrameworkAnalyst

The RMF Analyst shall be responsible for providing cybersecurity expertise and RMF lifecycle management in support of NIWDC IWTTF systems. The analyst shall ensure all systems achieve and maintain compliance with Department of War (DoW) policies, enterprise objectives, and established governance processes. The analyst will manage system security posture from categorization to continuous monitoring, ensuring risks are properly mitigated and documented. **Responsibilities include:** * Lead the execution of all steps of the RMF process, including system categorization, security control selection, implementation, assessment, authorization, and continuous monitoring. * Develop, review, and maintain comprehensive RMF documentation, including the System Security Plan (SSP), Security Assessment Report (SAR), and Plans of Action and Milestones (POA&Ms). * Translate assessment outcomes into actionable product artifacts, including risk assessments, vulnerability reports, and recommendations for inclusion in the system's POAM. * Coordinate with development teams, system owners, and enterprise stakeholders to validate security control implementation, assess integration impacts, and ensure alignment with established architecture and configuration governance processes. * Prepare and deliver executive-level summaries and system security status briefings, capturing prioritized risks, compliance status, and strategic decisions impacting the system's authority to operate (ATO). **Minimum Experience and Requirements:** * 5 years experience in cybersecurity, with a focus on Assessment & Authorization (A&A) and RMF. * Experience creating and managing RMF documentation and utilizing tools such as eMASS. * Experience conducting security control assessments and analyzing results from vulnerability scanning tools. * Bachelor’s degree in Cybersecurity, Information Technology, or a related field. * DoD 8570/8140 IAT/IAM Level II certification (e.g., CompTIA Security+, CySA+). * Must have an Ac