About the Role
GovCIO is currently hiring for a Risk Management Framework SME to support a modernization effort. This position will be located in Hampton, VA on Joint Base Langley-Eustis and will be a fully onsite position.
Responsibilities
We are seeking a highly skilled Risk Management Framework (RMF) Subject Matter Expert (SME) with a strong Information System Security Manager (ISSM) background and hands-on experience with XACTA. You will guide system owners, engineering teams, and leadership through the full RMF lifecycle, ensuring compliance, managing documentation, and supporting secure system operations across classified and unclassified environments. This position is located at Langley Air Force Base, Hampton, Virginia.
Key Responsibilities
Lead and manage the full DOD RMF process for assigned systems
Provide ISSM-level oversight and guidance to ensure compliance with DOD, NIST and agency-specific security policies
Develop, maintain, and validate RMF documentation, including System Security Plans, Security Controls Traceability Matrices, POA&Ms, and system categorization artifacts
Utilize XACTA for control implementation, evidence upload, package creation, workflow management, and assessment preparation
Work closely with engineers, administrators, developers, and mission stakeholders to ensure secure design and architecture decisions
Lead assessment preparation activities and support independent audits, CCRI reviews, and Authorizing Official (AO) evaluations
Conduct vulnerability analysis, risk assessment, and remediation planning
Guide continuous monitoring activities: STIG compliance, vulnerability scanning, patch management review, and incident documentation
Serve as a subject matter expert for cybersecurity policy interpretation, control inheritance, and risk acceptance recommendations
Provide training, mentoring, and support to security analysts and program team members
Qualifications
High School with 9+ years (or commensurate experience)
Required Skills and Experience
Clearance: TS/SCI
Proven experience supporting or performing duties as an ISSM or ISSO
Hands-on experience with XACTA for RMF package development
Experience with STIGs, ACAS, HBSS/Trellix, vulnerability management, and secure configuration baselines
Strong communication skills and the ability to brief leadership and stakeholders
DOD 8140 IAM Level III certification (CISSP, CISM, or CCISO)
Preferred Skills and Experience
Experience supporting complex, multi-system environments or programs of record
Experience supporting Command Cyber Readiness Inspections (CCRI)
Experience with DOD networks (NIPR, SIPR, JWICS)
Tech Stack
DoD RMF, ISSM, XACTA, security planning, vulnerability management, STIGs, ACAS, patch management, cybersecurity compliance