What are the responsibilities and job description for the RMF, Security & ATO Manager position at Latitude IT Solutions | SDVOSB?
Who we are...
Latitude is a growing Service-Disabled Veteran Owned (SDVOSB) Company within the Federal Sector. We have experience in working with various federal clients across multiple different agencies. We believe in adopting and growing a remote work-from-home culture wherever possible to ensure a healthy work-to-life balance. We believe in automating the mundane and investing in our employees helping them grow their careers over time. We strive for innovation and want to develop solutions that we can take pride in and help break through some of the barriers that exist in technology and the government sectors today.
About The Role
Latitude IT Solutions is seeking an RMF, Security & ATO Manager to own and maintain the Authority to Operate for a complex, multi-tenant VA health IT platform. You will own the full NIST SP 800-37 Rev. 2 RMF lifecycle: categorization, control selection, implementation, assessment, authorization, and continuous monitoring.
What You'll Do
Latitude is a growing Service-Disabled Veteran Owned (SDVOSB) Company within the Federal Sector. We have experience in working with various federal clients across multiple different agencies. We believe in adopting and growing a remote work-from-home culture wherever possible to ensure a healthy work-to-life balance. We believe in automating the mundane and investing in our employees helping them grow their careers over time. We strive for innovation and want to develop solutions that we can take pride in and help break through some of the barriers that exist in technology and the government sectors today.
About The Role
Latitude IT Solutions is seeking an RMF, Security & ATO Manager to own and maintain the Authority to Operate for a complex, multi-tenant VA health IT platform. You will own the full NIST SP 800-37 Rev. 2 RMF lifecycle: categorization, control selection, implementation, assessment, authorization, and continuous monitoring.
What You'll Do
- Own the System Security Plan (SSP), POA&M, and all ATO documentation maintained in eMASS
- Manage the full RMF lifecycle under NIST SP 800-37 Rev. 2 and NIST SP 800-53 Rev. 5, including annual control assessments and continuous monitoring
- Serve as primary liaison with the VA ISSO, Security Controls Assessor, and Authorizing Official
- Maintain HSPD-12/PIV compliance (IAL3/AAL3/FAL3) and VA IAM/MPI integration; ensure all personnel access meets PIV requirements within 10 business days of award
- Coordinate FISMA and HIPAA compliance controls across all platform tenant applications; manage control inheritance documentation for sub-authorizations
- Lead Fortify, Nessus, and continuous compliance monitoring; partner with DevSecOps Director to enforce ATO controls at the pipeline level
- Maintain the Incident Response Plan (IRP) and Disaster Recovery Plan (DRP); lead annual tabletop exercises
- Maintain the Policy Change Register; distribute VA policy, NIST guidance, and TRM updates within 24 hours of receipt
- 7 years of federal cybersecurity/RMF experience with hands-on ATO ownership (not advisory) on a VA or federal health IT system
- Expert-level knowledge of NIST SP 800-53 Rev. 5 and NIST SP 800-37 Rev. 2
- Direct eMASS experience: SSP authoring, control implementation statements, POA&M management
- PIV/HSPD-12 compliance and FICAM architecture experience
- HIPAA Security Rule controls mapped to NIST 800-53 families
- Active Dept of Veteran Affairs PIV credentials
- CISSP certification
- CAP (Certified Authorization Professional)
- Prior VA OIT ATO experience
- VA CDM, SNOWCAM, or VA continuous monitoring tooling experience
- Multi-tenant tiered authorization (system of systems ATO) experience
- Applicants selected will be subject to a Security Investigation and May need to Meet Requirements for Access to Protected and/or Classified Information
- Applicants need to be a US Citizen to be considered for the position and have physically resided in the United States for a minimum of 3 years due to background investigation requirements
- Medical, Vision, Dental
- Paid Vacation & Sick Time
- Paid Federal Holidays
- 401k Retirement Plan with 100% Company Matching
- Employer Paid Life Insurance
- Continued Education Assistance
- Employee Assistance Program (EAP)
- Commuter Benefits Program
- Health Savings Account (HSA)