Support system security authorization and reauthorization efforts for ACA federal systems in compliance with NIST RMF and CMS ARS.
Support Authority to Operate (ATC) efforts for CMS State partner systems in compliance with MARS-E and/or ARC-AMPE.
Maintain, update, and/or review required security documentation (SSP, SAR, POA&M, Contingency Plan, ISA, etc.).
Coordinate with CMS stakeholders, system owners, and cybersecurity SMEs to ensure compliance with FISMA, FedRAMP, and CMS policies.
Monitor and report on the status of POA&M items, risk mitigations, and control implementations.
Participate in control assessments, audits, and continuous monitoring activities.
Support security incident documentation, data calls, and ATO package submissions.
Provide security input and support for changes to the system environment, architecture, or operational posture.
Ensure traceability between security controls, findings, and remediation efforts.

Requirements

Bachelor’s degree in Cybersecurity, Information Systems, or a related field
8+ years of experience supporting RMF, ISSO, or compliance-related activities in a federal IT environment
Working-level knowledge of FISMA, NIST/DoD/HHS/CMS RMF policies, and NIST SP 800-series publications
Experience preparing and maintaining ATO documentation and supporting audits or security reviews
Excellent technical writing, communication, and collaboration skills
Detail-oriented with a strong understanding of security control implementation and tracking.

Benefits

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

NIST RMFFISMAFedRAMPMARS-EARC-AMPESSPSARPOA&Msecurity documentationcontrol assessments

Soft Skills

technical writingcommunicationcollaborationdetail-orientedorganizational skills

Certifications

Bachelor’s degree in CybersecurityBachelor’s degree in Information Systems