Cybersecurity Compliance & Risk Management Framework (RMF) SME

Remote Full-time
About Affinity eSolutions Inc.: • 25+ year tenured full-service software development, cloud hosting, cybersecurity, and eLearning solutions provider for defense and civilian federal customers as well as the health IT sector, providing modern, secure SaaS and custom solutions, with public and private sector focus: • Public sector – Population health readiness management technologies & services; event management, workflow automation, training solutions; cybersecurity and cloud services (Defense & civilian agencies) • Private sector – Employer occupational health, behavioral health, “gaps in care” disease management, telehealth & diagnostics testing solutions in over 35 states and territories nationwide. JOB DESCRIPTION: U.S. CITIZENSHIP REQUIRED: Successful candidates must be U.S. Citizens and will be required to apply for and maintain a favorable federal government Background Investigation after onboarding. U.S. Citizenship is a prerequisite for this process. We are seeking an experienced Cybersecurity Compliance & Risk Management Subject Matter Expert (SME) with deep expertise in the Risk Management Framework (RMF). Candidate shall support, advise, and execute across multiple security, privacy, and regulatory compliance frameworks that govern systems handling CUI, PII, PHI, and other sensitive data. This role serves as a trusted advisor to engineering, program, and customer stakeholders, ensuring information systems achieve and maintain RMF authority to operate (ATO) while meeting evolving federal cybersecurity, privacy, and assurance requirements. While RMF is the core framework, the ideal candidate brings a broader compliance mindset, enabling alignment with complementary standards such as CMMC, CMMI, HIPAA/HITECH, and other assurance models as required by mission or client scope. RESPONSIBILITIES: RMF & Authorization (Primary Focus) • Lead and support the Risk Management Framework (RMF) lifecycle to obtain, renew, and maintain Authority to Operate (ATO) for information technology systems. • Develop, manage, and maintain the complete Security Body of Evidence (BoE) and lead Assessment & Authorization (A&A) activities in accordance with NIST RMF guidance. • Author, update, and maintain RMF artifacts including System Security Plans (SSPs), control implementations, risk assessments, and Plans of Action and Milestones (POA&Ms) within eMASS or equivalent GRC platforms. • Support continuous monitoring activities including review and assessment of ACAS scans, STIG compliance, and vulnerability remediation efforts. • Identify, document, track, and support remediation of security findings, risks, and compliance gaps. Policy, Documentation & Governance • Develop, implement, and maintain information assurance and cybersecurity policies, standards, and procedures. • Author and update security documentation including (but not limited to): - System Security Plans - Contingency and Incident Response Plans - Configuration Management Plans - Risk Assessments and Compliance Artifacts • Support internal audits, assessments, and customer reviews by providing accurate, timely, and defensible security documentation. Multi-Framework Compliance & Data Protection • Support and advise on cross‑framework compliance for systems subject to CUI/PII/PHI protection, privacy, and regulatory requirements. • Assist in mapping controls to other applicable frameworks and standards (e.g., CMMC, HIPAA, HITECH, CMMI, FedRAMP-adjacent requirements) to ensure consistent and defensible compliance postures. Remote Collaboration & Communication • Collaborate daily with geographically dispersed teams using Microsoft Teams, email, and similar collaboration tools. • Participate in SCRUMs, technical interchange meetings, and compliance working sessions with internal teams and client stakeholders. • Communicate complex security and compliance concepts clearly to both technical and non‑technical audiences. REQUIRED QUALIFICATIONS (MUST HAVE) • U.S. Citizen with ability to apply for and maintain a favorable federal government Background Investigation after onboarding. • Ability to obtain and maintain DoD Tier‑3 / NACLC or equivalent background investigation. • Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, Software Engineering, Information Systems, Computer Engineering, or a related discipline from an accredited institution. • 5+ years of hands‑on experience in cybersecurity compliance, risk management, or information assurance roles. • Demonstrated experience supporting the Risk Management Framework (RMF) lifecycle. • Strong working knowledge of NIST SP 800‑53 security controls. • Hands‑on experience with CSAM (or comparable GRC / A&A tooling). • Experience working with systems operating in regulated or sensitive data environments. PREFERRED / NICE‑TO‑HAVE QUALIFICATIONS • Prior favorable federal or DoD background investigations. • Familiarity with cloud system authorization contexts. • Experience supporting or aligning with

Apply Now

Apply Now
Apply Now →

Similar Jobs

Experienced Registered Behavior Technician for In-Home ABA Therapy - Atlanta, GA

Remote

Immediate Hiring: Experienced Registered Behavioral Technician (RBT) for Clinic-Based ABA Therapy Services

Remote

Experienced Registered Behavioral Technician (RBT) - ABA Therapy for Children with Autism Spectrum Disorder

Remote

Experienced Registered Nurse - Telehealth: Providing Remote Care Coordination and Patient Support

Remote

Experienced Substitute Teacher for Riverside County Schools - Join Scoot Education's Innovative Team

Remote

Experienced Substitute Teacher for San Bernardino County - Flexible Schedules & Competitive Pay

Remote

Experienced School Year Instructional Coach for High-Dosage Tutoring Programs in Edgewater Park, NJ

Remote

Experienced School Year Tutor for K-8 Students in Math and Literacy - Mickleton, NJ

Remote

Experienced Secondary Social Studies Teacher for Kansas - Flexible Hybrid Remote Arrangement

Remote

USPS Office Helper

Remote

Director-Sales (People Leader)

Remote

**Experienced Part-Time Remote Data Entry Operator – arenaflex**

Remote

Associate Director, Business Development Non-Acute

Remote

Barrick - Safety and Health Specialist, NA Reclamation & Closure

Remote

Customer Success Representative - Remote Opportunity to Drive Client Satisfaction and Growth

Remote

Personal Assistant - Seniors at Home (Part-time)

Remote

Outside Sales Rep – National Capital Region

Remote

Life Coach - Remote with Flexible Hours

Remote

[Work From Home] Assistant Merchandising Manager

Remote

Clinical Data Management Lead, home-based

Remote
← Back