RMF and Policy Analyst
Salary undisclosed
Apply on
Original
Simplified
Description
BNL is seeking an RMF and Policy Analyst who will support a federal government client's Continuous Authorization to Operate (cATO) program. This role is critical in ensuring that the Risk Management Framework (RMF) processes are properly analyzed, documented, and implemented, aligning with federal cybersecurity policies and NIST guidelines.
Important Note** Primarily remote position but travel to onsite locations may be required.
Key Responsibilities
Required Skills, Credentials, and Qualifications
BNL is seeking an RMF and Policy Analyst who will support a federal government client's Continuous Authorization to Operate (cATO) program. This role is critical in ensuring that the Risk Management Framework (RMF) processes are properly analyzed, documented, and implemented, aligning with federal cybersecurity policies and NIST guidelines.
Important Note** Primarily remote position but travel to onsite locations may be required.
Key Responsibilities
- Policy Development: Assist in the development of new policies and processes that support the continuous Assessment and Authorization (A&A) cycle, automating RMF processes in various environments, including cloud and on-premise systems.
- Risk Management: Work closely with the GRC Policy Lead and RMF Subject Matter Expert to analyze risk management processes, ensuring that they comply with NIST standards and align with DevSecOps practices .
- Documentation and Controls: Develop and maintain control libraries and ensure that all RMF processes are properly documented, tested, and reported using Open Security Controls Assessment Language (OSCAL).
- Compliance: Ensure compliance with NIST SP 800-53 Rev. 5 security controls and provide insights into improving the automation of compliance tasks.
- Continuous Monitoring: Support continuous monitoring efforts by providing real-time risk visibility through centralized security artifacts .
- Collaboration: Coordinate with various government client teams, including Security Control Assessors (SCAs) and Cloud Engineers, to ensure policies are integrated into all aspects of the cATO framework.
Required Skills, Credentials, and Qualifications
- Bachelor’s degree in Information Technology, Cybersecurity, or a related field.
- Minimum of 2 years' experience in RMF implementation, particularly within federal environments.
- Expertise in NIST guidelines and federal cybersecurity policies.
- Experience working in DevSecOps environments and automating RMF processes.
- Strong analytical and documentation skills, with a deep understanding of policy development .
- Excellent verbal and written communication skills
- Strong interpersonal skills, including experience working with clients
- Ability to manage several projects and tasks simultaneously, prioritize and plan work activities while meeting respective deadline
- Ability to travel as needed (~5% travel annually)
- 4+ years' experience in RMF implementation, particularly within federal environments.
Similar Jobs