RMF, Security & ATO Manager

 Posted 5 days ago
     
⭐ 5-10 years experience
Apply Now

Please mention DailyRemote when applying

AI Summary

Own and maintain the Authority to Operate (ATO) for a complex VA health IT platform, managing the full NIST RMF lifecycle. Act as the primary liaison with VA security officials and ensure continuous compliance through monitoring and documentation.

Who we are...

Latitude is a growing Service-Disabled Veteran Owned (SDVOSB) Company within the Federal Sector. We have experience in working with various federal clients across multiple different agencies. We believe in adopting and growing a remote work-from-home culture wherever possible to ensure a healthy work-to-life balance. We believe in automating the mundane and investing in our employees helping them grow their careers over time. We strive for innovation and want to develop solutions that we can take pride in and help break through some of the barriers that exist in technology and the government sectors today.


About the Role

Latitude IT Solutions is seeking an RMF, Security & ATO Manager to own and maintain the Authority to Operate for a complex, multi-tenant VA health IT platform. You will own the full NIST SP 800-37 Rev. 2 RMF lifecycle: categorization, control selection, implementation, assessment, authorization, and continuous monitoring.

What You'll Do

  • Own the System Security Plan (SSP), POA&M, and all ATO documentation maintained in eMASS
  • Manage the full RMF lifecycle under NIST SP 800-37 Rev. 2 and NIST SP 800-53 Rev. 5, including annual control assessments and continuous monitoring
  • Serve as primary liaison with the VA ISSO, Security Controls Assessor, and Authorizing Official
  • Maintain HSPD-12/PIV compliance (IAL3/AAL3/FAL3) and VA IAM/MPI integration; ensure all personnel access meets PIV requirements within 10 business days of award
  • Coordinate FISMA and HIPAA compliance controls across all platform tenant applications; manage control inheritance documentation for sub-authorizations
  • Lead Fortify, Nessus, and continuous compliance monitoring; partner with DevSecOps Director to enforce ATO controls at the pipeline level
  • Maintain the Incident Response Plan (IRP) and Disaster Recovery Plan (DRP); lead annual tabletop exercises
  • Maintain the Policy Change Register; distribute VA policy, NIST guidance, and TRM updates within 24 hours of receipt

What You Bring

  • 7+ years of federal cybersecurity/RMF experience with hands-on ATO ownership (not advisory) on a VA or federal health IT system
  • Expert-level knowledge of NIST SP 800-53 Rev. 5 and NIST SP 800-37 Rev. 2
  • Direct eMASS experience: SSP authoring, control implementation statements, POA&M management
  • PIV/HSPD-12 compliance and FICAM architecture experience
  • HIPAA Security Rule controls mapped to NIST 800-53 families
  • Active Dept of Veteran Affairs PIV credentials

Preferred

  • CISSP certification
  • CAP (Certified Authorization Professional)
  • Prior VA OIT ATO experience
  • VA CDM, SNOWCAM, or VA continuous monitoring tooling experience
  • Multi-tenant tiered authorization (system of systems ATO) experience
\n


\n

Clearance...

  • Applicants selected will be subject to a Security Investigation and May need to Meet Requirements for Access to Protected and/or Classified Information


Citizenship...

  • Applicants need to be a US Citizen to be considered for the position and have physically resided in the United States for a minimum of 3 years due to background investigation requirements.

Employee Benefits...

  • Medical, Vision, Dental
  • Paid Vacation & Sick Time
  • Paid Federal Holidays
  • 401k Retirement Plan with 100% Company Matching
  • Employer Paid Life Insurance
  • Continued Education Assistance
  • Employee Assistance Program (EAP)
  • Commuter Benefits Program
  • Health Savings Account (HSA)

Similar Jobs

See all Remote Others jobs β†’

Personalize your Remote Job Search in 3 Easy Steps!

Discover remote opportunities in Others

Answer easy questions

Answer easy questions

200,000+ jobs across 15+ categories

Get your best job matches

Get your best job matches

Only hand-screened, legit jobs

Find a remote job faster

Find a remote job faster

No ads, scams, or junk

I was the first applicant for a remote marketing position that got listed on the company website the same day I applied. Had an interview within 48 hours!

Sarah J. — Sarah J. · Marketing Manager ★★★★★ Verified