Risk Management Framework A&A Manager

Guidehouse

RMF/A&A Manager overseeing federal cybersecurity authorization and compliance programs for Guidehouse. Driving execution of Risk Management Framework and managing multiple audits and assessments.

Posted 5/28/2026full-timeHanover • Maryland, Texas • 🇺🇸 United StatesSeniorLead💰 $130,000 - $216,000 per yearWebsite

Tech Stack

Tools & technologies

CloudCyber Security

About the role

Key responsibilities & impact

The RMF / A&A Manager provides senior leadership and strategic oversight for federal cybersecurity authorization, compliance, and audit programs supporting Ginnie Mae enterprise and cloud environments.
This role is accountable for end to end execution of the Risk Management Framework (RMF), Assessment & Authorization (A&A), FedRAMP integration, and IT audit support, ensuring sustained compliance with FISMA, NIST, OMB mandates, and agency policies.
The Manager serves as the primary interface with government leadership and drives delivery excellence across multiple concurrent authorizations, audits, and third party assessments.
Provide programmatic leadership across RMF, A&A, FedRAMP, and IT audit activities for major and minor systems and cloud platforms.
Direct multi disciplinary teams delivering authorization packages, audit responses, third party assessments, and remediation activities.
Serve as senior advisor to Authorizing Officials (AO), CISO, IAM, CTA, and System Owners on risk posture, authorization decisions, and compliance strategy.
Oversee FedRAMP P ATO reviews, agency control inheritance analysis, risk acceptance documentation, and authorization recommendations.
Lead third party assessment (3PAO) coordination and ensure quality, consistency, and timeliness of Security Assessment Reports (SARs).
Ensure development and maintenance of all RMF artifacts (SSP, SAR, POA&M, BIA, PIA, ISA, FIPS 199, contingency plans, and risk acceptance).
Lead enterprise audit readiness and execution for FISMA, financial system audits, and SSAE 18 reviews.
Establish governance processes, SOPs, metrics, dashboards, and executive level reporting.
Drive continuous improvement of RMF and audit processes to enhance efficiency, quality, and sustainability.

Requirements

What you’ll need

Must be able to OBTAIN and MAINTAIN a Federal or DoD "PUBLIC TRUST"; candidates must obtain approved adjudication of their PUBLIC TRUST prior to onboarding with Guidehouse.
Advanced experience leading federal RMF, A&A, and cybersecurity compliance programs.
A Minimum of EIGHT (8) years of experience supporting federal RMF / A&A programs
Minimum of THREE (3) years experience leading RMF, A&A, or cybersecurity compliance teams
Demonstrated leadership of consulting or government teams supporting enterprise security initiatives.
Deep expertise in NIST RMF, FISMA, FedRAMP, and OMB cybersecurity directives.
Proven experience supporting cloud authorization and high impact federal systems.
Strong executive communication, stakeholder management, and risk advisory skills.
Demonstrated experience leading cloud A&A efforts (IaaS, PaaS, SaaS)

Benefits

Comp & perks

Medical, Rx, Dental & Vision Insurance
Personal and Family Sick Time & Company Paid Holidays
Position may be eligible for a discretionary variable incentive bonus
Parental Leave and Adoption Assistance
401(k) Retirement Plan
Basic Life & Supplemental Life
Health Savings Account, Dental/Vision & Dependent Care Flexible Spending Accounts
Short-Term & Long-Term Disability
Student Loan PayDown
Tuition Reimbursement, Personal Development & Learning Opportunities
Skills Development & Certifications
Employee Referral Program
Corporate Sponsored Events & Community Outreach
Emergency Back-Up Childcare Program
Mobility Stipend

ATS Keywords

✓ Tailor your resume

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

Risk Management Framework (RMF)Assessment & Authorization (A&A)FedRAMPFISMANISTOMB mandatesSecurity Assessment Reports (SARs)cloud authorizationIT auditcybersecurity compliance

Soft Skills

leadershipexecutive communicationstakeholder managementrisk advisoryprogrammatic leadershipdelivery excellencecontinuous improvementteam coordinationstrategic oversightgovernance processes

Certifications

Federal or DoD Public Trust