Risk Management Support Lead

Empower AI is AI for government. Empower AI gives federal agency leaders the tools to elevate the potential of their workforce with a direct path for meaningful transformation. Headquartered in Reston, Va., Empower AI leverages three decades of experience solving complex challenges in Health, Defense, and Civilian missions. Our proven Empower AI Platform® provides a practical, sustainable path for clients to achieve transformation that is true to who they are, what they do, how they work, with the resources they have. The result is a government workforce that is exponentially more creative and productive. For more information, visit www.Empower.ai.

Empower AI is proud to be recognized as a 2024 Military Friendly Employer by Viqtory, the publisher of G.I. Jobs. This designation reflects the company’s commitment to hiring and supporting active-duty and veteran employees.

As a Risk Management Support Lead, you will be accountable for safeguarding the enterprise mission of the Defense Counterintelligence and Security Agency (DCSA) Customer Support Services (CSS) contract by ensuring all systems meet cybersecurity, Risk Management Framework (RMF), and Authorization to Operate (ATO) requirements.

You will lead end-to-end RMF execution from system categorization through continuous monitoring, manage System Security Plans (SSP), Security Assessment Reports (SAR), and Plans of Action and Milestones (POA&M), operate the Enterprise Mission Assurance Support Service (eMASS) platform, and serve as primary liaison with the Government Authorizing Official (AO) for ATO approvals. You will apply expert knowledge of NIST SP 800-37, NIST SP 800-53, DoDI 8510.01, and DoD Security Technical Implementation Guides (STIGs) across the DCSA CSS system portfolio.

• →Lead end-to-end RMF process for multiple information systems, from system categorization (Step 1) through continuous monitoring (Step 6).
• →Manage RMF artifacts including System Security Plans (SSP), Security Assessment Reports (SAR), and Plans of Action and Milestones (POA&M).
• →Operate the Enterprise Mission Assurance Support Service (eMASS) platform to manage and document RMF processes.
• →Apply NIST SP 800-37 (RMF), NIST SP 800-53 (Security Controls), and DoDI 8510.01 (RMF for DoD IT) across all assigned systems.
• →Apply DoD Security Technical Implementation Guides (STIGs) and use Security Content Automation Protocol (SCAP) tools to assess and document compliance.
• →Manage vulnerability lifecycle using ACAS/Nessus, interpret scan results, and manage remediation through POA&Ms.
• →Work with technical teams to select, implement, and document NIST SP 800-53 security controls; provide guidance on control implementation and evidence collection.
• →Prepare systems for security control assessments, act as primary liaison with security assessors, and compile final authorization packages for AO submission.
• →Serve as the subject matter expert for DoD cybersecurity policy interpretation including STIGs; provide guidance to technical teams on achieving and maintaining compliance.
• →Maintain DoD 8570/8140 IAM Level III certification currency.

• Shall possess a TOP SECRET security clearance with SCI eligibility (favorably adjudicated T5 or T5R; within investigation scope or currently enrolled in Continuous Evaluation/Continuous Vetting).
• Active CISSP (Certified Information Systems Security Professional) or CAP (Certified Authorization Professional) certification.
• Active PMP (Project Management Professional) certification.
• DoD 8570/8140 IAM Level III certification.
• Expert-level knowledge of NIST SP 800-37 (RMF), NIST SP 800-53 (Security Controls), and DoDI 8510.01.
• Demonstrated experience with eMASS for RMF process management and documentation.
• Experience with STIGs, SCAP tools, ACAS/Nessus, and vulnerability lifecycle management.
• Experience with enterprise technologies including VMware, Linux (RHEL), Windows Server, Active Directory, and enterprise storage.
• Strong customer service orientation and experience serving as the primary liaison with Government Authorizing Officials.
• Excellent written, oral, and interpersonal communication skills.

This position requires the ability to perform the below essential functions:

• Sitting for long periods
• Standing for long periods
• Ambulate throughout an office

Required Education/Experience: Bachelor’s degree in Computer Science, Information Technology, or a related field. Minimum ten (10) years of recent experience managing complex projects, preferably in a risk or security context. Minimum seven (7) years of direct, hands-on experience leading RMF efforts for DoD systems and successfully achieving Authorization to Operate (ATO). Experience supporting a DoD or IC customer is a plus.

All hiring and promotion decisions at Empower AI are based on merit to bring the best talent available to contribute to our firm’s overall success. It is the policy of Empower AI not to discriminate against any applicant for employment, or employee because of age, color, sex, disability, national origin, race, religion, or veteran status. Empower AI is a VEVRAA Federal Contractor.