
[Contingent] Lead Cybersecurity Compliance Manager (ATO SME)

Phia LLC
medical insurance, dental insurance, life insurance, vision insurance, paid time off, paid holidays, long term disability, 401(k)
United States, Virginia, Fairfax
11166 Fairfax Boulevard
May 14, 2026

DISCLAIMER: This position is in support of a current government proposal. Employment is contingent upon contract award to phia, LLC.

Status: Proposal - Contingent upon Award

Location: Hybrid - Washington, DC Metro Area

Schedule: Full-time | Core hours 0730-1600 EST, Monday-Friday

Focus Areas: RMF/ATO, FISMA Compliance, Security Authorization, ISSO Support, Federal Cybersecurity

Overview

phia is seeking an experienced Lead ATO Subject Matter Expert to serve as the primary technical lead for Risk Management Framework (RMF) and Authorization to Operate (ATO) activities in support of a federal client's information technology security program.

You will lead the full RMF lifecycle across multiple federal information systems, drive security authorization packages to ATO, and coordinate ISSO, SCA, and system owner teams to protect mission-critical IT infrastructure across on-premises, cloud, hybrid, and air-gapped environments.

What You'll Do

  • Lead all phases of the NIST SP 800-37 Rev. 2 RMF lifecycle: Prepare, Categorize, Select, Implement, Assess, Authorize, and Monitor, across a range of federal information system types.
  • Develop, manage, and maintain ATO packages including System Security and Privacy Plans (SSPP), Security Assessment Reports (SAR), Plans of Action and Milestones (POA&M), Requirements Traceability Matrices (RTM), Residual Risk Reports, and Threat Matrix Reports.
  • Provide technical direction to ISSO and Security Control Assessor (SCA) teams; ensure proper role separation and independence requirements are maintained across assessment and authorization activities.
  • Conduct system-level risk assessments and brief senior government officials on security posture, residual risks, and recommended risk responses.
  • Lead the selection, tailoring, and allocation of NIST SP 800-53 Rev. 5 security and privacy controls in accordance with applicable federal cybersecurity standards; generate Requirements Traceability Matrices.
  • Develop and maintain Information Security Continuous Monitoring (ISCM) plans to supplement agency-level monitoring strategies at the system level.
  • Coordinate privacy documentation, including Initial Privacy Assessments (IPA), Privacy Impact Assessments (PIA), and Systems of Records Notices (SORN), for systems processing Personally Identifiable Information (PII).
  • Manage MOU and Interconnection Security Agreement (ISA) development for system interconnections; ensure interconnection documentation is included in final A&A packages.
  • Support annual FISMA and FISCAM audits: prepare documentation and respond to auditor requests.
  • Manage scope, schedule, and resource allocation for RMF engagements; provide regular program status reporting.

Who You Are

  • RMF Expert: You have led federal information systems through the complete NIST SP 800-37 lifecycle to ATO. You know what it takes to get an authorization package across the finish line.
  • Documentation Specialist: You produce SSPP, SAR, POA&M, RTM, and authorization package documentation that is accurate, complete, and AO-ready without extensive rework.
  • Privacy-Conscious: You understand the Privacy Act of 1974, OMB A-130, and E-Government Act Section 208 requirements and know how to coordinate IPA/PIA processes with privacy officials.
  • Leader: You can direct cross-functional teams of ISSOs, SCAs, and system owners, keeping everyone aligned on authorization timelines and accountable for their deliverables.
  • Communicator: You translate complex security posture findings into clear risk briefings for senior government officials and executive stakeholders.

Preferred Skills

  • Prior experience supporting federal agency ATO programs
  • Experience with federal authorization management platforms used in federal environments (e.g., JCAM)
  • Experience with classified system (Secret, Top Secret) ATO packages
  • Experience developing Privacy Risk Certification Memos and coordinating with Senior Component Officials for Privacy (SCOP)
  • Familiarity with automated asset discovery and continuous scanning tools for system boundary definition
  • Experience supporting both on-premises and FedRAMP cloud authorization packages

Required Education + Experience

Education: Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field

Experience: 10+ years of IT Project Management experience in both Waterfall and Agile environments; 10+ years performing systems security assessments, preparing A&A documentation, and achieving security authorizations for federal information systems including classified systems; 10+ years of experience with federal IT security regulations and standards

Certifications: Minimum two (2) of the following: CISA (ISACA), CRISC (ISACA), CISM (ISACA), CGEIT (ISACA), CISSP (ISC), CAP/CGRC (ISC)

Clearance: Active TOP SECRET clearance required

GENERAL PROGRAM REQUIREMENTS

Citizenship: Must be a U.S. Citizen. No exception.

Work Hours: Full-time; Monday-Friday core hours 0730-1600 EST

Work Location: Hybrid - Washington, DC Metro Area; on-site presence required. Classified work must be performed at a government-designated facility on government-provided equipment.

Travel: Occasional travel may be required in support of this program.

Who We Are

phia LLC ("phia") is a Northern Virginia-based small business established in 2011 with a focus on Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, Information Assurance/Security, Compliance, Certification & Accreditation, Communications Security, Traditional Security, and Facilities Security. phia also provides cyber operations support functions such as Program and Process Management, Engineering, Development, and Systems Administration that allow Cyber Operations to integrate efficiently with our customers' missions and objectives. phia supports various agencies and offices within the Department of Defense (DoD), the Federal government, and private/commercial entities.

phia offers excellent benefits to enhance work-life balance, including the following:

  • Medical Insurance
  • Dental Insurance
  • Vision Insurance
  • Life Insurance
  • Short Term & Long Term Disability
  • 401k Retirement Savings Plan with Company Match
  • Paid Holidays
  • Paid Time Off (PTO)
  • Tuition and Professional Development Assistance

phia does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity, or any other reason prohibited by law in the provision of employment opportunities and benefits.
