Job was saved successfully.
Job was removed from Saved Jobs.

Job Details

Risk Management Framework (RMF) / Information Assurance Manager

Government and Military

Information Technology


Honolulu, Hawaii, United States

Job Summary

Amentum is seeking a Risk Management Framework (RMF) / Information Assurance (IA) Subject Matter Expert (SME) to join our team at Camp Smith, HI. The RMF/IA SME will work with the various IT teams to mature the current risk management programs, such as risk assessment execution, control testing and monitoring, and procedure documentation. The RMF/IA SME will also provide cyber security advice to mission partners to effectively manage risk to operations and will validate that security and technology controls are implemented to support operational and security requirements. Candidates should have effective task management skills and the ability to communicate effectively.

Essential Responsibilities:

  • Provide input to the RMF process for accreditation and validation of systems supporting Joint Innovation and Experimentation.
  • Perform Continuous monitoring activities on systems and report anomalies.
  • Ensure systems are operated, maintained, and secured in accordance with policies and practices outlined in the security plan.
  • Ensure all users have the requisite security clearances, authorization, and need-to-know, and are aware of their security responsibilities before granting access to the Information System (IS).
  • Initiate protective or corrective measures when a security incident or vulnerability is discovered.
  • Develop and maintain all System Security Plans (SSP).
  • Ensure configuration management (CM) processes for security-relevant IS software, hardware, and firmware are followed.
  • Ensure system recovery processes are monitored to ensure that security features and procedures are properly restored.
  • Ensure all IS security-related documentation is current and accessible to properly authorized individuals.
  • Ensure that system security requirements are addressed during all phases of the system life cycle.
  • Follow procedures developed by the Information System Security Manager (ISSM) / Program Security Officer (PSO), authorizing software, hardware, and firmware use before implementation on systems.
  • Develop reports regarding system security state and provide briefings to leadership.
  • Identify areas for process improvement and make suggestions to the team accordingly.
  • Develop and implement cybersecurity policies.
  • Partner with mission partners to identify, analyze and mitigate security risk, internal and third party, associated with activities executed throughout the enterprise.
  • Conduct ongoing risk evaluations for compliance and cybersecurity operations.
  • Identify risk that is outside of acceptable risk thresholds and escalate appropriately.
  • Develop risk mitigation methods and capabilities.
  • Ensure vulnerabilities are identified, understood, remediated, and communicated.
  • Monitor security controls to ensure continued effectiveness of controls.
  • Develop contingency plans and recovery processes.
  • Translate technical details into non-technical verbiage when discussing risk with leadership.
  • Create needed documentation for organizational and compliance purposes.
  • Provide security consultation for new and ongoing enterprise initiatives.
  • Educate and build awareness of security requirements across the organization.
  • Publish executive-level security reporting across governance, risk, and compliance activities.

Knowledge, Skills, and Abilities:

  • Vulnerability management experience
  • Must be customer-focused and possess the ability to identify issues, analyze, interpret data, and develop solutions to a variety of moderately complex technical problems
  • Experience with documenting requirements, security controls, and POA&M creation

Here at Amentum, we believe in fostering a sense of belonging. We welcome diversity, encourage growth and development, promote safety first, and believe curiosity is the spark for innovation. We take care of our employees who in turn take care of our customers, driving the success of our business.

Minimum Requirements

  • Bachelors degree in Information Assurance, Cyber Security, Incident Response, Security Management, or discipline directly related to Cyber Security
  • At least 6 years of experience with Information Systems
  • Must have one of the following IAM/IAT Level II certifications: CCNA Security, CySA+, GICSP, GSEC, Security+ CE, CND, SSCP, CAP, CASP+, CISM, CISSP, GSLC, or CCISO
  • Department of Defense (DoD) Validator or DoD RMF experience
  • Knowledgeable of DoD 8510.01 Department of Defense Instruction Number 8510.01 Dated March 12. 2014. Subject: Risk Management Framework (RMF) of DoD Information Technology (IT) and 630-230-19 Information Assurance
  • Due to the nature of the work, must be a U.S. citizen
  • Must have a TS/SCI security clearance prior to your start date

Preferred Qualifications

  • Advanced Degree in Computer Science, Information Systems, or a technical field preferred and 8 years of experience; or an equivalent combination of experience and education from which comparable knowledge and skills may be acquired.
  • Security + Certification
  • Experience with Microsoft cloud environments
  • Candidate must be a current U.S. Citizen
  • Experience with risk management in SaaS, PaaS, IaaS, and other cloud environments
  • Experience with the NIST frameworks and publications
  • Vulnerability management experience