Back to all jobs

Risk Management Framework Analyst, Mid

Booz Allen

Dec 15

Risk Management Framework Analyst, Mid

Key Role:

Provide non-personal professional services to a DoD organization. Work with system owners and system stewards to gather and document information to assist with the creation of ATO packages and managing the system of record in eMASS.  Review and help write control implementation statements. Work with system teams and Information System Owners (ISOs) to review, update, and create POAMs, System Security Plans, topology diagrams, Privacy Impact Assessments, and other artifacts. Use the eMASS Governance, Risk Management, and Compliance (GRC) tool.  Provide guidance and support to system teams and ISOs throughout every step of the Risk Management Framework (RMF) process and eMASS workflows. Make recommendations on system actions and milestones. Brief senior colleagues and clients on program activities and status. This position is located in San Antonio, Texas.

Basic Qualifications:

  • 5+ years of experience in creating, managing, and maintaining ATO packages, implementation narratives and associated artifacts, POAMs, SOPs, and FISMA security documents
  • Experience with supporting system ATO processes and creating artifacts, control implementation details, and POAMs
  • Experience with National Institute of Standards and Technology (NIST) 800-53 security controls, the GRC tool, RMF, and security compliance processes
  • Experience with eMASS
  • Knowledge of the Federal Information Security Management Act (FISMA) criteria
  • Ability to assist in the development of a schedule to address outstanding authorization requirements, and coordinate directly with system team stakeholders
  • Ability to facilitate client-facing meetings and gather authorization requirements and documents for complex systems
  • Bachelor's degree

Additional Qualifications:

  • Experience with secure configuration or hardening of DoD information systems
  • Possession of excellent verbal and written communications skills

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.