Risk Management Framework (RMF) Specialist
Saint Louis, MO, United States
Full Time, Mid-level / Intermediate, Clearance required, USD 52K - 123K *
Overview
NV5 Geospatial is currently seeking a dedicated and experienced Risk Management Framework (RMF) Specialist to oversee and manage cybersecurity processes, ensuring compliance with DoD and Air Force policies. The RMF Specialist will play a critical role in safeguarding the Air Force’s information systems by identifying, assessing, and mitigating security risks. This position requires a deep understanding of the RMF lifecycle and its application in a military context. The Risk Management Framework (RMF) Specialist is responsible for implementing and maintaining the RMF process within an organization, specifically for systems and applications hosted on the Amazon Web Services (AWS) cloud. This includes working with various stakeholders to identify and assess risks, developing and implementing risk management strategies, and ensuring compliance with relevant regulations and standards. The RMF Specialist will also be responsible for preparing and maintaining Authority to Operate (ATO) documents, as well as providing guidance and training to other members of the organization on RMF-related matters.
Position Title: Risk Management Framework (RMF) Specialist
Security Clearance: Must possess or be able to obtain and maintain a Top Secret/SCI clearance.
Work Environment:
- Location: Must be located near St. Louis, MO. This is an onsite position at Scott AFB.
- Travel up to 10% of the time. Occasional travel to support Air Force operations.
NV5 is a global technology solutions and consulting services company with a workforce of over 4,500 professionals in more than 100 offices worldwide. NV5’s continued growth has been spurred through strategic investments in firms with unique capabilities to help current and future customers solve the world’s toughest problems. The NV5 family brings together talent across a wide range of markets and fields, including Professional Engineers, Professional Land Surveyors, Architects, Photogrammetrists, GIS Professionals, Software Developers, IT, Project Management Professionals, and more.
At NV5 Geospatial, we are a collaboration of intelligent, innovative thinkers who care for each other, our communities, and the environment. We value both heart and head, the diversity of our people, and their experiences because that is how we continue to grow as a leader in our industry and expand our individual and collective potential.
Responsibilities
- RMF Implementation: Lead the implementation of the Risk Management Framework (RMF) for Air Force information systems, ensuring compliance with DoD and Air Force cybersecurity policies.
- Security Control Assessment: Conduct security control assessments and validate the effectiveness of implemented controls for information systems.
- Risk Analysis: Perform risk assessments to identify vulnerabilities, threats, and risks to information systems, and recommend appropriate mitigation strategies.
- Documentation: Prepare and maintain RMF documentation, including System Security Plans (SSPs), Plan of Action and Milestones (POA&Ms), and Risk Assessment Reports.
- Continuous Monitoring: Implement and manage continuous monitoring strategies to ensure ongoing assessment and authorization of information systems.
- Collaboration: Work closely with system owners, developers, and other stakeholders to ensure security requirements are integrated throughout the system development lifecycle.
- Audit Support: Support internal and external audits, reviews, and inspections related to information system security.
- Policy and Compliance: Ensure alignment with current Air Force cybersecurity policies, standards, and regulations, and recommend updates to cybersecurity policies as needed.
Qualifications
- Education: Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.
- Experience: Minimum of 5 years of experience in cybersecurity, with at least 3 years specializing in RMF processes and DoD information systems.
- Certifications: Must possess or be willing to obtain relevant cybersecurity certifications such as Certified Information Systems Security Professional (CISSP), Certified Authorization Professional (CAP), or equivalent.
- Security Clearance: Ability to obtain and maintain a Top Secret/SCI security clearance.
- Technical Skills: Proficiency in RMF tools and technologies, such as eMASS (Enterprise Mission Assurance Support Service) and vulnerability assessment tools (e.g., Nessus, ACAS, SCAP).
- Knowledge: In-depth knowledge of NIST Special Publications (SP) 800-37, 800-53, and 800-171, as well as DoD Instruction 8510.01 and related guidelines.
- Communication: Strong verbal and written communication skills, with the ability to effectively convey complex cybersecurity concepts to both technical and non-technical audiences.
- Analytical Skills: Excellent analytical and problem-solving skills, with keen attention to detail and a proactive approach to identifying and addressing security risks.
Employment is contingent upon successful completion of a background check and drug screening.
NV5 offers a competitive compensation and benefits package including medical, dental, life insurance, PTO, 401(k) and professional development/advancement opportunities.
NV5 provides equal employment opportunities (EEO) to all applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state and local laws. NV5 complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including, but not limited to, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰