Company hidden
2 days ago

Security Compliance / RMF Analyst (Cybersecurity)

Work format
remote (USA only)
Employment type
fulltime
English
b2
Country
US

Job description


TL;DR

Security Compliance / RMF Analyst (Cybersecurity): Managing the Risk Management Framework (RMF) lifecycle for the FCC to ensure federal security compliance, with an emphasis on NIST controls, ATO processes, and continuous monitoring. Focus on developing security documentation, performing control assessments, and managing POA&Ms to maintain system authorization.

Location: Remote (USA). Requires the ability to obtain a Public Trust clearance.

Company

hirify.global provides specialized IT and cybersecurity support services for federal agencies, including the FCC.

What you will do

  • Manage RMF lifecycle activities, including system authorization, reauthorization, and continuous monitoring.
  • Develop and update critical security documentation such as SSPs, SARs, and POA&Ms.
  • Perform security control assessments (SCA) and validate controls based on NIST SP 800-53.
  • Track vulnerabilities and manage remediation activities using GRC tools like Archer or Xacta.
  • Conduct risk assessments, gap analyses, and compliance reviews to ensure FISMA adherence.
  • Coordinate with system owners, ISSOs, and auditors to maintain audit readiness.

Requirements

  • Bachelor's degree in Cybersecurity, IT, Computer Science, or equivalent experience.
  • Must have the ability to obtain a Public Trust clearance.
  • Proven experience with NIST RMF (SP 800-37) and NIST SP 800-53 controls.
  • Experience with A&A, ATO processes, and continuous monitoring in federal or regulated environments.
  • Proficiency with GRC tools (e.g., Archer, Xacta, CSAM).
  • Role-appropriate certification demonstrating competency in compliance or risk management (e.g., Security+, CISA, CISSP).
