Risk Management Framework (RMF) Lead for NASA Programs

Clearance Level
Project/Task Management
Fort Sam Houston, Texas
Greenbelt, Maryland
Cleveland, Ohio
Stennis Space Center, Mississippi

REQ#: RQ119754

Travel Required: Less than 10%
Public Trust: BI Full 6C (T4)
Requisition Type: Pipeline

Risk Management Framework (RMF) Team Lead for a pending program supporting NASA

We are GDIT. We support and secure some of the most complex government, defense, and intelligence projects across the country. At GDIT, cyber security is not just a singular part of our mission—it connects every one of us because it’s embedded into every aspect of what we do.

The RMF Team Lead will develop, manage, and implement the Risk Management Framework and oversee a team of RMF specialists providing RMF support services for all existing and new NASA operational information systems (including subsystems, general support systems, major applications, and minor applications), sites, and programs, including on-premises, cloud, and external contractor information systems.


  • Oversee enterprise-level services, including Independent Assessment Services, Assessment & Authorization (A&A) services, and Information System Security Official (ISSO) services
  • Ensure all RMF services are in accordance with Federal mandates, NIST guidance, and NASA policies and procedures
  • Lead comprehensive A&A services for NASA information systems, including OT and cloud systems 
  • Oversee system security control assessments in support of initial Authorization to Operate (ATO) decisions and continuous monitoring/ongoing authorization
  • Coordinate with Information System Security Engineer(s) (ISSE) to support the implementation of the RMF process and the security controls baseline for the program
  • Responsible for the development, maintenance, and tracking of System Security Plans and other deliverables. 
  • Manage and perform security control implementation and testing efforts. Oversee and perform security testing validation required as part of Assessment & Authorization (A&A) or annual reviews
  • Supervise teams, establish milestones, and monitor adherence to master plans and schedules
  • While we anticipate being able to accommodate some teleworking, you will be required to work on-site at a NASA location up to 5 days a week, depending on business needs

What you'll need:


  • 5 or more years of experience
  • NASA experience, current or within the last year
  • Experience with certification and accreditation (C&A) or A&A and as a security control assessor or validator. 
  • Experience with developing, implementing and maintaining guidelines, policies, and procedures supporting a cybersecurity program
  • Strong knowledge of the NIST Cybersecurity Framework
  • Experience with Federal Risk and Authorization Management Program (FedRAMP)
  • Experience with NIST special publications (SPs) regarding the SA process, including SP 800-53, SP 800-137, SP 800-171, and SP 800-37
  • Experience with developing and managing continuous monitoring and plans of action and milestones (POA&M)
  • Experience with assessing systems and applications deployed in cloud environments following federal cybersecurity guidelines and best practices
  • This position will require the ability to obtain and maintain a security clearance. U.S. Citizenship is required to obtain and maintain this clearance. An active or current security clearance or public trust is preferred.


  • CISSP / CAP / CISA or equivalent certification
  • Familiarity with RSA Archer

GDIT is your place. You make it your own by bringing your ideas and unique perspective to our culture. By owning your opportunity at GDIT, you are helping us ensure today is safe and tomorrow is smarter.


  • Full-flex work week
  • 401K with company match
  • Internal mobility team dedicated to helping you own your career
  • Collaborative teams of highly motivated critical thinkers and innovators
  • Ability to make a real impact on the world around you

About Our Work

We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.

COVID-19 Vaccination

GDIT does not have a vaccination mandate applicable to all employees. To protect the health and safety of its employees and to comply with customer requirements, however, GDIT may require employees in certain positions to be fully vaccinated against COVID-19. Vaccination requirements will depend on the status of the federal contractor mandate and customer site requirements.

GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.