Risk Management Framework Manager
Job Description
The Opportunity:
CACI is searching for a Risk Management Framework (RMF) Manager Subject Matter Expert to support the FEMA Office of the Chief Information Security Officer (OCISO) in Washington, D.C. As an RMF Subject Matter Expert, you will play a crucial role in ensuring the security and compliance of FEMA's information systems through expert guidance on security design, development, and Supply Chain Risk Management. You will work in a dynamic environment, collaborating with IT system owners, developers, stakeholders, and cybersecurity professionals to implement robust security controls from the design phase forward. Your efforts will directly contribute to safeguarding FEMA's mission-critical systems and data through advanced automation and integration. The RMF SME will focus on security design, development, and Supply Chain Risk Management, supporting RMF implementation across FEMA systems. This position requires deep knowledge of NIST RMF, NIST Cybersecurity Framework, and DHS 4300 Series. The RMF SME will provide input into security design and development of new and existing systems, support cloud security design and migration strategies, perform code analysis of Government-off-the-shelf (GOTS) applications, and review supply chain logistics of technology within Program Offices. This role is critical for identifying security risks early in the development lifecycle and ensuring systems are designed with security in mind.
Responsibilities:
The RMF SME will provide input into security design and development of new and existing systems to ensure security by design and support cloud security design, migration strategies, plans, policies, and procedures. This position requires performing static and dynamic code analysis of Government-off-the-shelf (GOTS) applications using automated tools and providing technical analysis of source code reviews and vulnerability resolution recommendations. The RMF SME will generate residual risk reports documenting security risks that cannot be fully mitigated and review and analyze supply chain logistics of technology within Program Offices. Responsibilities include conducting risk analysis requiring collaboration with multiple internal and external partners, providing technical analysis of supply chain risk, and communicating findings to senior leadership monthly. The position involves participating in external agency meetings for classified and unclassified networks related to supply chain and using automated tools to view and report on supply chain risks. The RMF SME will support NIST Cybersecurity Framework, NIST RMF, and DHS cybersecurity requirements implementation, advise system owners on RMF process, and assist in managing risk throughout the system lifecycle. This position requires identifying applicable NIST SP 800-37 RMF requirements for systems and applications and assessing security posture of applications and systems to determine compliance and risk levels. Critical deliverables include preparing Static Code Analysis Reports annually or within 30 days after code release, generating Risk Analysis Reports within 0 to 15 days after analysis completion, and developing POA&Ms within 0 to 15 days after issue identification. 
The RMF SME will create Cybersecurity Strategy and Policy documents within 30 days after new system identification or significant modifications, develop Requirements Traceability Matrix within 10 days after system identification, and produce Weekly Activity Reports and Monthly Program Reports.
Qualifications:
Required:
- U.S. Citizenship required
- FEMA EOD suitability or current DHS or FEMA EOD preferred
- BS/BA + 15 years of applicable experience in information security and RMF
- Minimum 7 years of experience in information security and RMF
- Deep knowledge of NIST RMF (SP 800-37), NIST Cybersecurity Framework, and DHS 4300 Series
- Experience with security architecture and secure system design principles
- Experience conducting supply chain risk assessment
What You Can Expect:
A culture of integrity.
At CACI, we place character and innovation at the center of everything we do. As a valued team member, you’ll be part of a high-performing group dedicated to our customer’s missions and driven by a higher purpose – to ensure the safety of our nation.
An environment of trust.
CACI values the unique contributions that every employee brings to our company and our customers - every day. You’ll have the autonomy to take the time you need through a unique flexible time off benefit and have access to robust learning resources to make your ambitions a reality.
A focus on continuous growth.
Together, we will advance our nation's most critical missions, build on our lengthy track record of business success, and find opportunities to break new ground — in your career and in our legacy.
Pay Range:
There are a host of factors that can influence final salary including, but not limited to, geographic location, Federal Government contract labor categories and contract wage rates, relevant prior work experience, specific skills and competencies, education, and certifications. Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives. We offer competitive compensation, benefits, and learning and development opportunities. Our broad and competitive mix of benefits options is designed to support and protect employees and their families. At CACI, you will receive comprehensive benefits such as healthcare, wellness, financial, retirement, family support, continuing education, and time off benefits.
The proposed salary range for this position is:
$103,800 - $218,100