Risk Management Framework (RMF) Lead - Internal Candidates Only
Simplesense builds, deploys, and sustains the Installation Resilience Platform that enables mission operators to rapidly adapt and respond. The Platform protects critical infrastructure from cyber attack while unlocking previously siloed information to monitor, diagnose, and improve response times to incidents. Our adversaries rapidly adopt the latest technology: we help defense users respond in kind.
Simplesense is a non-traditional defense contractor and prime on the Air Force's Installation Resilience Operations Command and Control (IROC) program, which is now expanding to five additional Air Force, Space Force, and Army installations from the one prototype installation, Tyndall Air Force Base.
Our team combines over 100 years of direct mission experience solving hard problems with 50 years of technical expertise deploying DevSecOps, cybersecurity, and cloud infrastructure, giving us a deep appreciation for our customers’ mission and end users’ priorities. We build for scale, architecting and prioritizing technical work for long-term sustainability.
Simplesense is looking for an RMF Lead to join our remote, US-based team. The RMF Lead oversees the Risk Management Framework (RMF) process. This position manages Simplesense’s end-to-end RMF implementation: planning, executing, and maintaining all activities required to obtain and sustain system authorizations under the DoD process.
The ideal candidate is an excellent communicator, attentive, and efficient. They can complete work skillfully and independently. The RMF Lead must be good at giving and receiving constructive feedback.
Responsibilities:
- Lead the full lifecycle RMF process (Categorize, Select, Implement, Assess, Authorize, Monitor) for all information systems.
- Coordinate with Information System Owners, ISSMs, external assessors, and the Authorizing Official Designated Representative (AODR).
- Document security controls: Create program documents outlining security policies and procedures following RMF standards (e.g., SSPs, SARs, ISCMs, Diagrams, PPSMs).
- Assess system security: Review systems to ensure security controls are in place and working as intended.
- Support and execute system accreditation: Coordinate between teams and authorizing officials to meet all security requirements and program deadlines.
- Maintain compliance: Continuously monitor accredited systems and update documentation to reflect changes and ongoing compliance.
- Administer and maintain enterprise security tools and platforms (e.g., SIEM, EDR, vulnerability scanners), ensuring operational integrity, scalability, and alignment with organizational security policies.
- Maintain relationships with key stakeholders: Attend meetings, respond to data requests, comprehend organizational dynamics, and provide strategic guidance to ensure the future success of all Authorization to Operate (ATO) processes.
- Implement and track cybersecurity controls (per NIST SP 800-53 and CNSSI 1253) for systems supporting DoD missions.
- Manage assessment and authorization (A&A) packages in eMASS or equivalent.
- Provide technical and procedural guidance to engineering and IT staff to ensure secure system design and operation.
- Stay up to date with evolving DoD cybersecurity policy, including DFARS, CMMC, and NIST guidance.
- Conduct internal risk assessments, vulnerability scans, and support incident response activities.
- Prepare for and support government cybersecurity audits and inspections.
Requirements:
- 7+ years of experience with DoD RMF processes
- Deep understanding of NIST SP 800-53 and cybersecurity control implementation
- Experience managing eMASS entries and ATO packages
- Strong technical writing and documentation skills
- U.S. Citizenship and eligibility for DoD clearance
- DoD Cyber Workforce Qualification Certification: CISSP, GSLC, or CISM
Competitive benefits package including equity:
- Medical, Life, Short-Term Disability, and AD&D insurance
- Dental coverage
- Vision coverage
- 401K matching
- Stock options