- Risk Management Framework (RMF) Analyst (Remote)
Description
The following states/districts are excluded from this job ad: AK, CA, CO, CT, DC, HI, LA, MA, MN, MO, NE, NV, NH, NJ, NM, NY, ND, OR, PR, RI, VT, WA, WY
Future Need - Actively Interviewing
Location: Remote in any United States jurisdiction not excluded from this job advertisement.
Sustain the authorization lifecycle of a mission-critical Department of Veterans Affairs (VA) cloud platform. As the RMF Analyst, you will support all six steps of the National Institute of Standards and Technology (NIST) RMF process and maintain required documentation across an authorization environment undergoing active restructuring.
Position Description: The RMF Analyst supports all six steps of the NIST RMF process and develops, updates, and maintains required RMF documentation for hosted applications.
Tasks/activities include, but are not limited to:
- Supports all six steps of the NIST RMF process
- Develops, updates, and maintains required RMF documentation including Disaster Recovery Plan documentation that is complete, current, and aligned with system architecture and operational practices
- Ensures continuous monitoring activities are performed in accordance with VA Office of Information and Technology (OI&T) policies
- Maintains recorded platform security posture and associated controls in Continuous Authorization Monitoring (CAM) or equivalent systems
- Implements and maintains required NIST security controls in accordance with the approved baseline
- Supports conversions to new NIST versions as standing policies are superseded
- Validates security control effectiveness through automated testing, configuration validation, and periodic assessments
- Prepares and submits required artifacts for ATO packages and reauthorization efforts for all products and services hosted or supported by the application
- Coordinates with security personnel and third-party assessors during authorization reviews
- Addresses assessment findings and provides remediation plans within defined timelines
- Supports change documentation and impact analysis for architectural or operational modifications
- Maintains Plan of Action and Milestones (POA&M) accuracy and supports timely closure of findings
- Contributes RMF lifecycle status, security control implementation progress, and continuous monitoring data to the monthly RMF, security, and ATO status report
Compensation & Benefits: The annual projected pay range for this position is $72,517 - $111,100 with consideration being given to various factors including but not limited to qualifications, experience, job responsibilities, and geographic location.
Oxley Enterprises, Inc. offers a full array of benefits including:
- Medical, dental, vision and prescription drug coverage for you and your family.
- Life Insurance, short-term disability and long-term disability paid for by the Company.
- Supplemental coverages including Accident, Critical Illness, and Hospital.
- Additional Life insurance coverage for you and your dependents.
- 401k plan with various options to select based on your retirement goals.
Oxley Enterprises®, Inc. is a certified service-disabled veteran-owned (SDVOSB), veteran-owned (VOSB), and woman-owned small business (WOSB) that has 26 years of experience building and delivering quality IT systems and programs. Oxley is ranked in the INC 5000 7 times (2016, 2017, 2018, 2021, 2023, 2024, 2025). Oxley is a 2019 - 2025 Department of Labor HIRE Vets Medallion Award Winner. Oxley is Virginia Values Veterans certified.
All qualified applicants will receive consideration for employment without regard to any status protected by applicable federal, state, or local law.
If you require a reasonable accommodation to apply for a position at Oxley Enterprises, Inc., please send an email to our Human Resources Department at: [email protected] with the following information:
Subject Line: Accommodation Request
Provide a description of your accommodation request
Include your contact information: Full name, Email address, Best number to reach you (optional)
We participate in the E-Verify program. http://www.dhs.gov/E-Verify
Requirements
Minimum/General Experience: 5 years of experience supporting NIST RMF processes
Minimum Education: Bachelor's Degree in cybersecurity, information assurance, or related field; CompTIA Security+ (preferred)
Essential Skills/Qualifications:
- Excellent knowledge of all six steps of the NIST RMF process (e.g., Categorize, Select, Implement, Assess, Authorize, and Monitor)
- Excellent ability to develop, update, and maintain required RMF documentation (e.g., Disaster Recovery Plan documentation)
- Excellent experience performing continuous monitoring activities
- Excellent ability to implement and maintain required NIST security controls
- Excellent experience preparing and submitting required artifacts for Authorization to Operate (ATO) packages and reauthorization efforts
- Above average ability to coordinate with security personnel and third-party assessors during authorization reviews
- Above average experience supporting change documentation and impact analysis
- Experience supporting a federal agency
- Excellent verbal and written communication skills
General Physical Requirements needed to perform the essential functions of this job may vary based on the location of the assignment.
- Assignment Location - Remote
- Sedentary Work - Exerting up to 10 pounds of force occasionally and/or a negligible amount of force frequently or constantly to lift, carry, push, pull or otherwise move objects.
- Typing, communicating, repetitive motions.
- Close visual acuity to prepare and analyze data, view computer monitors and read. May need to view presentation screens and other visual aids in a virtual setting.
- Inside environmental conditions with protection from outside elements.
Security: Active Federal Civilian Public Trust clearance
- U.S. citizen or permanent resident who has lived in the United States for at least 3 years
Federal Civilian Public Trust consists of a review of up to but not limited to:
- Covers 10 year period and in some instances lifetime events
- OPM Security Investigations Index (SII)
- DOD Defense Central Investigations Index (DCII)
- National Agency Check (NAC) records
- FBI name check
- FBI fingerprint check
- Credit report check
- Written inquiries to previous employers and references listed on the application for employment
- Potential interviews with the subject, spouse, neighbors, supervisor, coworkers
- Law enforcement check
- Court records check
- Education check - Attendance and Degrees

