Security/RMFLead

Essnova Solutions, Inc. is an award-winning SBA 8(a) and HUBZone small business delivering innovative technology and professional services to government and commercial clients. As Security / RMF Lead, you will play a critical role in ensuring the integrity and compliance of federal information systems under the VISION contract for the National Center for Health Statistics (NCHS). Your leadership will directly impact the security posture and regulatory compliance of mission-critical systems supporting public health initiatives. Key responsibilities include: * Maintain System Security Plans (SSPs) as living documents for all NCHS systems, ensuring timely updates after security-impacting changes. * Manage Plan of Action & Milestones (POA&Ms) with quarterly progress reviews, closure evidence, and remediation tracking. * Remediate vulnerabilities within mandated timelines, track findings through closure, and provide retesting evidence. * Prepare Authorization to Operate (ATO) packages—including SSPs, POA&M status, assessment results, and risk analysis—for Authorizing Official review. * Conduct annual security assessments of one-third-plus-key-controls using CSAM or equivalent tools. * Submit monthly authenticated vulnerability and application scan results by the fifth business day. * Coordinate among developers, system owners, and security staff, and liaise with CDC CSPO, NCHS SSPO, and CDC Enterprise Architects. * Follow CDC CSPO Change Management SOP, including security impact analysis for post-ATO changes. * Support implementation of the Risk Management Framework (RMF), FISMA compliance, and OMB directives. * Produce security-related EPLC artifacts for governance and stage-gate reviews. * Lead SSP development during the 30-day transition-in activation sequence and support SSP submission within 30 days of contract award. * Support PTA/PIA activities with CDC privacy officials. **Requirements** ### Required Qualifications: * Bachelor's degree in cybersecurity, informati