Cybersecurity Compliance & Risk Management Framework (RMF) SME

About Affinity eSolutions Inc.:

• 25+ year tenured full-service software development, cloud hosting, cybersecurity, and eLearning solutions provider for defense and civilian federal customers as well as the health IT sector, providing modern, secure SaaS and custom solutions, with public and private sector focus:
• Public sector – Population health readiness management technologies & services; event management, workflow automation, training solutions; cybersecurity and cloud services (Defense & civilian agencies)
• Private sector – Employer occupational health, behavioral health, “gaps in care” disease management, telehealth & diagnostics testing solutions in over 35 states and territories nationwide.

JOB DESCRIPTION: U.S. CITIZENSHIP REQUIRED: Successful candidates must be U.S. Citizens and will be required to apply for and maintain a favorable federal government Background Investigation after onboarding. U.S. Citizenship is a prerequisite for this process. We are seeking an experienced Cybersecurity Compliance & Risk Management Subject Matter Expert (SME) with deep expertise in the Risk Management Framework (RMF). Candidate shall support, advise, and execute across multiple security, privacy, and regulatory compliance frameworks that govern systems handling CUI, PII, PHI, and other sensitive data. This role serves as a trusted advisor to engineering, program, and customer stakeholders, ensuring information systems achieve and maintain RMF authority to operate (ATO) while meeting evolving federal cybersecurity, privacy, and assurance requirements. While RMF is the core framework, the ideal candidate brings a broader compliance mindset, enabling alignment with complementary standards such as CMMC, CMMI, HIPAA/HITECH, and other assurance models as required by mission or client scope. RESPONSIBILITIES: RMF & Authorization (Primary Focus)

• Lead and support the Risk Management Framework (RMF) lifecycle to obtain, renew, and maintain Authority to Operate (ATO) for information technology systems.
• Develop, manage, and maintain the complete Security Body of Evidence (BoE) and lead Assessment & Authorization (A&A) activities in accordance with NIST RMF guidance.
• Author, update, and maintain RMF artifacts including System Security Plans (SSPs), control implementations, risk assessments, and Plans of Action and Milestones (POA&Ms) within eMASS or equivalent GRC platforms.
• Support continuous monitoring activities including review and assessment of ACAS scans, STIG compliance, and vulnerability remediation efforts.
• Identify, document, track, and support remediation of security findings, risks, and compliance gaps.

Policy, Documentation & Governance

• Develop, implement, and maintain information assurance and cybersecurity policies, standards, and procedures.
• Author and update security documentation including (but not limited to):

- System Security Plans - Contingency and Incident Response Plans - Configuration Management Plans - Risk Assessments and Compliance Artifacts

• Support internal audits, assessments, and customer reviews by providing accurate, timely, and defensible security documentation.

Multi-Framework Compliance & Data Protection

• Support and advise on cross‑framework compliance for systems subject to CUI/PII/PHI protection, privacy, and regulatory requirements.
• Assist in mapping controls to other applicable frameworks and standards (e.g., CMMC, HIPAA, HITECH, CMMI, FedRAMP-adjacent requirements) to ensure consistent and defensible compliance postures.

Remote Collaboration & Communication

• Collaborate daily with geographically dispersed teams using Microsoft Teams, email, and similar collaboration tools.
• Participate in SCRUMs, technical interchange meetings, and compliance working sessions with internal teams and client stakeholders.
• Communicate complex security and compliance concepts clearly to both technical and non‑technical audiences.

REQUIRED QUALIFICATIONS (MUST HAVE)

• U.S. Citizen with ability to apply for and maintain a favorable federal government Background Investigation after onboarding.
• Ability to obtain and maintain DoD Tier‑3 / NACLC or equivalent background investigation.
• Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, Software Engineering, Information Systems, Computer Engineering, or a related discipline from an accredited institution.
• 5+ years of hands‑on experience in cybersecurity compliance, risk management, or information assurance roles.
• Demonstrated experience supporting the Risk Management Framework (RMF) lifecycle.
• Strong working knowledge of NIST SP 800‑53 security controls.
• Hands‑on experience with CSAM (or comparable GRC / A&A tooling).
• Experience working with systems operating in regulated or sensitive data environments.

PREFERRED / NICE‑TO‑HAVE QUALIFICATIONS

• Prior favorable federal or DoD background investigations.
• Familiarity with cloud system authorization contexts.
• Experience supporting or aligning with additional compliance frameworks, such as:

o CMMC o CMMI o HIPAA / HITECH o Other federal, defense, or regulated‑industry assurance models

• Experience in DoD, federal civilian, or defense contractor environments.

EQUAL OPPORTUNITY EMPLOYER: Affinity is committed to creating a diverse environment and is proud to be an equal opportunity employer. Job Type: Full-time Application Question(s):

• Do you have US Citizenship?
• What is your annual salary expectation?
• Do you have prior government project experience (civilian or defense)?

Experience:

• Risk management/Cybersecurity: 5 years (Preferred)

Work Location: Remote Apply tot his job Apply To this Job