Harnessing Technology to Improve Financial Stewardship for the Welfare, Defense, and Security of Our Nation
Blake Willson Group (BWG) unites deep domain experts with technologists who leverage industry-leading financial management solutions to address the most critical mission objectives. Headquartered in the National Capital Region, the firm delivers measurable outcomes through technology-forward strategies and advanced solutions that drive mission success.
Blake Willson Group has a distinguished track record of exceptional performance, achieving operational efficiencies that allow our clients to do more with less. BWG has earned the confidence of its clients by consistently exceeding expectations through its unwavering commitment to best value solutions, implemented with speed.
Job Location:
This role is 100% remote.
Clearance:
Must be currently authorized to work in the United States on a full-time basis and have the ability to obtain a Public Trust Security Clearance.
Job Description:
In this position as an RMF & ATO Lead, you will lead execution of the NIST Risk Management Framework (RMF) process across the full system lifecycle in support of DOJ and Bureau of Prisons (BOP) security requirements. You will provide strategic oversight, technical leadership, and quality assurance for Authorization to Operate (ATO) efforts, ensuring compliance with NIST, DOJ, and federal cybersecurity standards. In this position, you will also:
- Lead execution of the NIST RMF process (SP 800-37) across all lifecycle phases, supporting timely and compliant ATO decisions.
- Oversee development, quality review, and maintenance of authorization package artifacts, including SSPs, SARs, POA&Ms, Risk Assessments, and supporting documentation.
- Guide system teams through Rapid ATO timelines while ensuring compliance with DOJ security policies and NIST SP 800-53 controls.
- Lead security control selection, tailoring, validation, and documentation across cloud-based and on-premises environments using verifiable technical evidence.
- Direct security assessments, including SAP development, assessment result review, and risk analysis to inform authorization decisions.
- Oversee POA&M development, remediation tracking, and Continuous Monitoring (ConMon) strategies to support ongoing authorization.
- Ensure all RMF documentation and supporting artifacts (Incident Response Plans, Contingency Plans, Configuration Management Plans, ISAs/MOUs, and privacy documentation) are complete and accurately maintained in JCAM.
- Serve as the primary cybersecurity liaison and technical lead, mentoring ATO staff and facilitating risk-based decision making with system owners, assessors, and leadership.
Required Skills:
- Bachelor’s degree in Information Security, Cybersecurity, Computer Science, Information Systems, or a related field.
- 7 years of experience performing systems security assessments, preparing security documentation, and supporting security authorization for live networks, systems, and enterprise environments.
- 5 years of experience assessing and enhancing IT security policies and procedures to meet Federal and applicable international regulatory requirements.
- 5 years of IT security experience with deep knowledge of security regulations and assessments, including development of multiple A&A and ATO packages across diverse system environments, including classified systems.
- Active possession of one of the following certifications: CISA, CRISC, CISSP, or CAP.
Desired Skills:
- Strong working knowledge of NIST Special Publications, including NIST SP 800-53 for security control selection and NIST SP 800-37 RMF.
- Experience using JCAM for RMF and authorization package management is preferred.
- Experience supporting DOJ, BOP, or other federal law enforcement agencies with RMF, ATO, or Continuous Monitoring activities.
- Hands-on experience with cloud service providers (AWS, Azure, or GCP) and applying NIST SP 800-53 controls within FedRAMP-aligned environments.
At Blake Willson Group, we believe in transparency and fairness in compensation practices. For this position, we offer a competitive salary range of $110,000 to $130,000 in the United States. Your individual salary within this range will be determined by various factors, including but not limited to your education, experience, skills, and geographic location. We also provide a comprehensive Total Rewards package, which includes major medical benefits such as dental and vision coverage, a 401(k) contribution plan, holiday and personal time off, professional development training & certification benefits, health & wellness subsidies, paid time off for community service, and more. We value your contributions and are committed to recognizing and rewarding your performance and the value you bring to our business.

