RMF, Security & ATO Manager
Indexed description
About The Role
Latitude IT Solutions is seeking an RMF, Security & ATO Manager to own and maintain the Authority to Operate for a complex, multi-tenant VA health IT platform. You will own the full NIST SP 800-37 Rev. 2 RMF lifecycle: categorization, control selection, implementation, assessment, authorization, and continuous monitoring.
What You'll Do
- Own the System Security Plan (SSP), POA&M, and all ATO documentation maintained in eMASS
- Manage the full RMF lifecycle under NIST SP 800-37 Rev. 2 and NIST SP 800-53 Rev. 5, including annual control assessments and continuous monitoring
- Serve as primary liaison with the VA ISSO, Security Controls Assessor, and Authorizing Official
- Maintain HSPD-12/PIV compliance (IAL3/AAL3/FAL3) and VA IAM/MPI integration; ensure all personnel access meets PIV requirements within 10 business days of award
- Coordinate FISMA and HIPAA compliance controls across all platform tenant applications; manage control inheritance documentation for sub-authorizations
- Lead Fortify, Nessus, and continuous compliance monitoring; partner with DevSecOps Director to enforce ATO controls at the pipeline level
- Maintain the Incident Response Plan (IRP) and Disaster Recovery Plan (DRP); lead annual tabletop exercises
- Maintain the Policy Change Register; distribute VA policy, NIST guidance, and TRM updates within 24 hours of receipt
- 7+ years of federal cybersecurity/RMF experience with hands-on ATO ownership (not advisory) on a VA or federal health IT system
- Expert-level knowledge of NIST SP 800-53 Rev. 5 and NIST SP 800-37 Rev. 2
- Direct eMASS experience: SSP authoring, control implementation statements, POA&M management
- PIV/HSPD-12 compliance and FICAM architecture experience
- HIPAA Security Rule controls mapped to NIST 800-53 families
- Active Dept of Veteran Affairs PIV credentials
- CISSP certification
- CAP (Certified Authorization Professional)
- Prior VA OIT ATO experience
- VA CDM, SNOWCAM, or VA continuous monitoring tooling experience
- Multi-tenant tiered authorization (system of systems ATO) experience
- Applicants selected will be subject to a Security Investigation and May need to Meet Requirements for Access to Protected and/or Classified Information
- Applicants need to be a US Citizen to be considered for the position and have physically resided in the United States for a minimum of 3 years due to background investigation requirements
- Medical, Vision, Dental
- Paid Vacation & Sick Time
- Paid Federal Holidays
- 401k Retirement Plan with 100% Company Matching
- Employer Paid Life Insurance
- Continued Education Assistance
- Employee Assistance Program (EAP)
- Commuter Benefits Program
- Health Savings Account (HSA)
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search