Cybersecurity Compliance & Risk Management reputed company (RMF) SME

About Affinity eSolutions Inc.:

• 25+ year tenured full-service software development, cloud hosting, cybersecurity, and eLearning solutions provider for defense and civilian federal customers as well as the health IT sector, providing modern, secure SaaS and custom solutions, with public and private sector focus:
• Public sector – Population health readiness management technologies & services; event management, workflow automation, training solutions; cybersecurity and cloud services (Defense & civilian agencies)
• Private sector – Employer occupational health, behavioral health, “gaps in care” disease management, telehealth & diagnostics testing solutions in over 35 states and territories reputed company.

JOB DESCRIPTION: U.S. CITIZENSHIP REQUIRED: Successful candidates must be U.S. reputed company and will be required to apply for and maintain a favorable federal government Background Investigation after onboarding. U.S. Citizenship is a prerequisite for this process. We are seeking an reputed company Cybersecurity Compliance & Risk Management Subject Matter Expert (SME) with deep expertise in the Risk Management reputed company (RMF). Candidate shall support, advise, and execute across multiple reputed company, privacy, and regulatory compliance frameworks that govern systems handling CUI, PII, PHI, and other sensitive data. This role serves as a trusted advisor to engineering, program, and customer stakeholders, ensuring information systems reputed company and maintain RMF authority to operate (ATO) while meeting evolving federal cybersecurity, privacy, and assurance requirements. While RMF is the core reputed company, the ideal candidate brings a broader compliance reputed company, enabling alignment with complementary standards such as CMMC, CMMI, HIPAA/HITECH, and other assurance models as required by mission or client scope. RESPONSIBILITIES: RMF & Authorization (Primary Focus)

• reputed company and support the Risk Management reputed company (RMF) lifecycle to obtain, renew, and maintain Authority to Operate (ATO) for information technology systems.
• reputed company, manage, and maintain the complete reputed company Body of Evidence (BoE) and reputed company Assessment & Authorization (A&A) activities in accordance with NIST RMF guidance.
• Author, update, and maintain RMF artifacts including System reputed company Plans (SSPs), control implementations, risk assessments, and Plans of Action and Milestones (POA&Ms) reputed company eMASS or equivalent GRC platforms.
• Support reputed company monitoring activities including review and assessment of ACAS scans, STIG compliance, and vulnerability remediation efforts.
• Identify, document, track, and support remediation of reputed company findings, risks, and compliance gaps.

Policy, Documentation & Governance

• reputed company, implement, and maintain information assurance and cybersecurity policies, standards, and procedures.
• Author and update reputed company documentation including (but not limited to):

- System reputed company Plans - Contingency and Incident Response Plans - Configuration Management Plans - Risk Assessments and Compliance Artifacts

• Support internal audits, assessments, and customer reviews by providing accurate, timely, and defensible reputed company documentation.

Multi-reputed company Compliance & Data Protection

• Support and advise on cross‑reputed company compliance for systems subject to CUI/PII/PHI protection, privacy, and regulatory requirements.
• Assist in mapping controls to other applicable frameworks and standards (e.g., CMMC, HIPAA, HITECH, CMMI, FedRAMP-adjacent requirements) to ensure consistent and defensible compliance postures.

Remote Collaboration & Communication

• Collaborate daily with geographically dispersed teams using reputed company Teams, email, and similar collaboration tools.
• Participate in SCRUMs, technical interchange meetings, and compliance working sessions with internal teams and client stakeholders.
• Communicate reputed company reputed company and compliance concepts clearly to both technical and non‑technical audiences.

REQUIRED QUALIFICATIONS (MUST HAVE)

• U.S. Citizen with ability to apply for and maintain a favorable federal government Background Investigation after onboarding.
• Ability to obtain and maintain DoD Tier‑3 / NACLC or equivalent background investigation.
• Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, Software Engineering, Information Systems, Computer Engineering, or a reputed company discipline from an accredited institution.
• 5+ years of hands‑on experience in cybersecurity compliance, risk management, or information assurance roles.
• Demonstrated experience supporting the Risk Management reputed company (RMF) lifecycle.
• Strong working knowledge of NIST SP 800‑53 reputed company controls.
• Hands‑on experience with CSAM (or comparable GRC / A&A tooling).
• Experience working with systems operating in regulated or sensitive data environments.

PREFERRED / reputed company‑TO‑HAVE QUALIFICATIONS

• Prior favorable federal or DoD background investigations.
• Familiarity with cloud system authorization contexts.
• Experience supporting or aligning with additional compliance frameworks, such as:

o CMMC o CMMI o HIPAA / HITECH o Other federal, defense, or regulated‑industry assurance models

• Experience in DoD, federal civilian, or defense contractor environments.

EQUAL OPPORTUNITY EMPLOYER: Affinity is committed to creating a diverse environment and is proud to be an equal opportunity employer. Job Type: Full-time Application Question(s):

• Do you have US Citizenship?
• What is your annual salary expectation?
• Do you have prior government project experience (civilian or defense)?

Experience:

• Risk management/Cybersecurity: 5 years (Preferred)

Work Location: Remote Apply tot his job Apply To this Job