Description

Dragonfli Group is a cybersecurity and IT consulting firm providing specialized support to both federal agencies and large commercial enterprises. We are seeking an experienced Cybersecurity Assessment & Authorization Specialist (NIST RMF & Federal Compliance) to join the Risk Portfolio’s Assessment and Authorization program for a large federal agency.

In this role, you will lead and manage the execution of security assessments for a variety of applications and domains, including cloud computing, ensuring compliance with NIST Risk Management Framework (RMF), ISO standards, and organizational A&A policies. You will be responsible for evaluating, validating, and documenting security controls to meet information assurance (IA) and regulatory requirements.

You will collaborate with technical and business stakeholders to develop secure IT architecture designs, actionable security blueprints, and operational security guidelines that reduce risk and enhance enterprise resilience. You will leverage Governance, Risk, and Compliance (GRC) tools to manage the A&A process efficiently, provide subject matter expertise (SME) guidance, and help shape the future of enterprise cybersecurity posture.

General Responsibilities:

Manage security assessments for multiple IT applications, domains, and cloud environments.
Coordinate and oversee complex projects with high visibility, scope, and risk.
Serve as the primary SME for the A&A process, guiding internal teams and new resources.
Collaborate with stakeholders, business units, and executives to ensure security requirements are met.
Develop and maintain project schedules, step-by-step action plans, and deliverable timelines.
Deliver executive-level briefings and risk reports in a clear, actionable format.

Technical Responsibilities:

Implement, validate, and document security controls in alignment with NIST RMF and ISO standards.
Conduct risk assessments and ensure compliance with organizational IA policies.
Evaluate and maintain security architecture principles, models, and design standards.
Perform vulnerability and network scanning using industry-standard tools.
Utilize Governance, Risk, and Compliance (GRC) platforms to manage the A&A lifecycle.
Support enterprise security design efforts to ensure consistent, usable, and secure IT infrastructures.
Ensure appropriate risk treatment, compliance, and assurance from internal and external perspectives.

Requirements

Ability to manage security assessments for multiple applications and domains, including cloud computing environments.
Experience managing large, complex, and high-risk projects or initiatives.
Demonstrated proficiency in: Implementing security controls; Conducting risk assessments; Documenting compliance measures based on NIST Risk Management Framework (RMF) and ISO standards.
Experience evaluating, supporting, and documenting validation and accreditation processes to ensure new and existing IT systems meet information assurance (IA) and security requirements.
Ability to ensure appropriate risk treatment, compliance, and assurance from both internal and external perspectives.
Experience developing security blueprints, principles, models, designs, standards, and guidelines to support secure and consistent enterprise IT architecture.
Experience with network and vulnerability scanning tools and technologies for system interrogation and configuration/status assessment.
In-depth understanding of security architecture principles and best practices to design, implement, and maintain secure IT infrastructures in alignment with A&A policies.
Proficiency in using Governance, Risk, and Compliance (GRC) tools to manage Assessment and Authorization (A&A) processes.
Ability to serve as a subject matter expert (SME) for the A&A process, providing guidance to stakeholders, business units, and new A&A resources.
Strong organizational skills to develop and maintain schedules and step-by-step action plans.
Effective communication and collaboration skills to work with cross-functional teams, brief executives, and engage with stakeholders at all levels.

Skill(s)

None

Benefits

Insurance – health, dental, and vision
Paid Time Off (PTO) and 11 Federal Holidays
401(k) employer match

Travel