We are looking for a Navy Qualified Validator (NQV) with substantive knowledge of NIST RMF and the NAVWAR Risk Assessment Guide. The ideal candidate will play a critical role in supporting the Risk Management Framework (RMF) Assessment and Authorization (A&A) processes for various Department of Defense (DoD) and Department of the Navy (DoN) systems, ensuring compliance with cybersecurity requirements and maintaining system integrity.
Responsibilities
RMF Package Development: Provide expert-level support in developing, reviewing, and validating RMF A&A packages in compliance with NIST SP 800-37, Navy RMF Process Guide (RPG), and NAVWAR Risk Assessment Guide. Ensure all documentation meets DoD and Navy requirements for system authorization.
Validation Services: Serve as a trusted agent and technical representative to the Security Control Assessor (SCA), conducting thorough technical evaluations of systems to assess compliance with assigned security controls. Provide accurate assessments and document security posture, capabilities, and vulnerabilities.
Artifact Development: Lead the creation of System Security Plans (SSP), Security Assessment Plans (SAP), and Security Assessment Reports (SAR). Execute custom test procedures and document results in government A&A tracking tools (e.g., eMASS).
Risk Analysis: Perform detailed risk analysis, identify system vulnerabilities, and provide comprehensive recommendations for risk mitigation. Develop executive summaries to convey technical findings and risk assessments to stakeholders.
Compliance Liaison: Collaborate with Program Managers (PM), Information System Security Managers (ISSM), and the SCA to ensure continuous monitoring and updates to RMF controls based on the CYBERSAFE grading and evolving cybersecurity requirements.
Authorization Support: Assist in obtaining A&A approvals by ensuring all necessary documentation and artifacts are completed, accurate, and submitted in a timely manner to the appropriate Authorizing Official (AO). Provide guidance on corrective actions and recommendations for optimizing the RMF approval process.
Requirements
Must be 8570 Compliant. CISSP preferred
Required Certification: Navy Qualified Validator (NQV) Level II or III.
Expertise: In-depth knowledge of NIST SP 800-37, Navy RMF Process Guide (RPG), and NAVWAR Risk Assessment Guide. Experience with DoD A&A processes and cybersecurity compliance.
Technical Skills: Proficiency in using government A&A tools (e.g., eMASS), conducting security assessments, and creating RMF documentation, including SAP, SAR, and SSP.
Experience: Minimum of 5 years of experience in cybersecurity validation, risk assessment, and supporting RMF A&A processes for DoD and Navy systems.
Security Clearance: Active Top-Secret clearance with Sensitive Compartmented Information (SCI) eligibility.
All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, age, marital status, pregnancy, genetic information, or other legally protected status.
