ISSM - RMF SME
Zachary Piper Solutions is seeking a Senior Information Systems Security Manager (ISSM) and Risk Management Framework (RMF) Subject Matter Expert (SME) to support mission‑critical capabilities for a major Department of Defense customer. This role operates within a pioneering and highly complex defense technology environment, requiring a seasoned cybersecurity professional to lead and oversee RMF implementation, cybersecurity engineering, and authorization activities across system lifecycles. The ISSM will be accountable for maintaining system security posture, advising senior DoD leadership, and safeguarding sensitive information critical to national security.

To be successful in this role, candidates must demonstrate in‑depth knowledge of statutory and regulatory guidance, including:
- DoD Instruction 8500.01 (Cybersecurity)
- DoD Directive 8140.03 (Cyber Workforce)
- DoDI 8570 / 8140 IA Workforce requirements
- NIST SP 800-37 Rev. 2 (Risk Management Framework)
- NIST SP 800-53
- NIST SP 800-160 (System Security Engineering)

Key Responsibilities:
- Serve as the primary cybersecurity authority responsible for integrating System Security Engineering (SSE) principles throughout system design, development, and operational processes.
- Provide expert guidance on RMF implementation, authorization strategies, and enterprise risk management for a major DoD program.
- Oversee and validate system security architectures, including authorization boundaries, trust zones, data flows, and external system interfaces.
- Analyze system designs to identify security gaps, attack vectors, and architectural weaknesses; recommend engineering‑based mitigations.
- Conduct and oversee risk assessments, threat modeling, attack surface analyses, and mission impact evaluations.
- Lead Continuous Monitoring (ConMon) activities, including ACAS, SCAP, STIG compliance, and system telemetry integration.
- Perform and oversee Security Impact Analyses (SIA) for system changes, technology refreshes, and new capability integration.
- Support agile authorization and continuous ATO (cATO) approaches; experience with Operation Vulcan Logic (OVL) is a plus.
- Develop and implement incident response and system reconstitution procedures.

Required Qualifications:
- Active Top Secret clearance with SCI eligibility
- Bachelor’s degree in Computer Science, Information Technology, or a related field
- Master’s degree preferred or 10+ years of equivalent experience
- 10+ years of cybersecurity experience, including senior technical or leadership roles
- Experience supporting OSD, DoD components, or military organizations
- Demonstrated experience advising Senior Executive Service (SES)–level stakeholders
- Hands‑on experience with eMASS, Xacta, or similar GRC tools
- Experience with Federal and FedRAMP A&A processes
- Strong background in:
  - RMF and authorization
  - Cybersecurity engineering
  - Systems engineering
  - Risk management and compliance
- Excellent written and verbal communication skills, including senior‑level briefings
- Experience authoring cybersecurity policies, procedures, and implementation guides

Compensation: **Depending on experience**