Security / RMF Lead

Essnova Solutions, Inc. is an award-winning SBA 8(a) and HUBZone small business delivering innovative technology and professional services to government and commercial clients. As Security / RMF Lead, you will play a critical role in ensuring the integrity and compliance of federal information systems under the VISION contract for the National Center for Health Statistics (NCHS). Your leadership will directly impact the security posture and regulatory compliance of mission-critical systems supporting public health initiatives.

Key responsibilities include:

• Maintain System Security Plans (SSPs) as living documents for all NCHS systems, ensuring timely updates after security-impacting changes.
• Manage Plan of Action & Milestones (POA&Ms) with quarterly progress reviews, closure evidence, and remediation tracking.
• Remediate vulnerabilities within mandated timelines, track findings through closure, and provide retesting evidence.
• Prepare Authorization to Operate (ATO) packages—including SSPs, POA&M status, assessment results, and risk analysis—for Authorizing Official review.
• Conduct annual security assessments of one-third-plus-key-controls using CSAM or equivalent tools.
• Submit monthly authenticated vulnerability and application scan results by the fifth business day.
• Coordinate among developers, system owners, and security staff, and liaise with CDC CSPO, NCHS SSPO, and CDC Enterprise Architects.
• Follow CDC CSPO Change Management SOP, including security impact analysis for post-ATO changes.
• Support implementation of the Risk Management Framework (RMF), FISMA compliance, and OMB directives.
• Produce security-related EPLC artifacts for governance and stage-gate reviews.
• Lead SSP development during the 30-day transition-in activation sequence and support SSP submission within 30 days of contract award.
• Support PTA/PIA activities with CDC privacy officials.

Required Qualifications:

• Bachelor's degree in cybersecurity, information assurance, computer science, or a related field
• 6+ years of federal information security experience applying NIST RMF (NIST SP 800-37)
• Experience developing and maintaining SSPs, POA&Ms, and ATO packages for FIPS 199 Moderate or higher systems
• Experience using vulnerability scanning results to track remediation to closure (including retesting evidence) in a federal environment
• Hands-on experience with federal security management tools (CSAM and eMASS)
• Working knowledge of NIST SP 800-53 Rev. 5 and NIST SP 800-53A
• Knowledge of FISMA 2014 reporting and OMB security directives
• Knowledge of Privacy Act and E-Government Act privacy provisions, including PTA/PIA processes
• Experience coordinating with federal ISSOs/CISOs and security authorization officials
• Active Tier 4 / High Risk / Public Trust Level 6+ clearance at proposal submission
• Eligibility for HSPD-12/PIV
• Availability to work during Eastern Time (ET) business hours

Preferred Qualifications:

• CISSP, CISM, or CAP certification (or equivalent)
• Experience supporting CDC, HHS, or federal health agencies
• Experience with CIPSEA-protected data environments or federal statistical agencies
• Experience with FedRAMP continuous monitoring and cloud security assessment

Benefits

• Medical, dental, and vision insurance
• 401(k) with company match
• Paid time off + federal holidays
• Fast-track growth in a high-accountability culture

Why Essnova

• Rapidly growing, innovation-focused GovCon firm
• High-ownership environment where your wins matter
• Direct access to leadership, zero bureaucracy
• Culture built on speed, agility, and results