Job Description

Take2 Consulting has proven experience bridging the intersection of technology and people solutions. As a trusted partner for the federal government and defense community, we deliver the right talent and technical expertise to strengthen mission resilience, cybersecurity posture, and digital modernization efforts.

We are seeking a Cybersecurity Risk Management Framework (RMF) Lead to provide technical expertise and oversight for cyber workstreams related to operational technology (OT) resiliency and the Risk Management Framework. The RMF Lead will apply systems engineering and cybersecurity principles to ensure the integrity, reliability, and security of complex, mission-critical environments supporting defense programs.

This position involves managing a team of RMF subject matter experts and Information Systems Security Engineers (ISSEs) focused on securing operational technology, developing RMF artifacts, and assessing RMF packages for compliance and risk posture.

Key Responsibilities:

• Lead validation activities for Risk Management Framework (RMF) packages and oversee all assessment efforts to ensure compliance with DoD cybersecurity standards.
• Apply systems engineering methodologies to assess, design, and validate security controls across OT, ICS, and SCADA environments.
• Analyze architecture diagrams, vulnerability data, and technical documentation to identify system risks and develop mitigation strategies.
• Manage and mentor a team of cybersecurity professionals to meet project milestones and deliverables.
• Provide oversight for assessment teams and ISSEs performing system hardening and RMF documentation.
• Direct the creation of Security Assessment Plans (SAPs) and provide expert guidance on STIGs and SRGs.
• Execute comprehensive system and site validations, including domestic and international environments, in accordance with NIST 800-53 standards.
• Advise leadership on process improvements, automation, and updates to cybersecurity policies and SOPs.
• Conduct vulnerability assessments using ACAS/Nessus and manage POA&Ms to mitigate risks.

Required Qualifications:

• Bachelor’s degree in Cybersecurity, Computer Science, or related discipline
• 7+ years of cybersecurity or risk management experience
• Demonstrated experience supporting Navy or DoD RMF initiatives
• Proven leadership in managing RMF projects and validation teams
• CompTIA Security+ CE certification
• Certified Information Security Manager (CISM)

Preferred Qualifications:

• Navy Qualified Validator (NQV)
• Experience with Operational Technology (OT) or Facility-Related Control Systems (FRCS)
• Master’s degree or advanced certifications (CISSP, CISM, etc.)
• Experience with ACAS/Nessus vulnerability analysis
• Familiarity with NIST 800-53, STIGs, and DoD RMF lifecycle processes
• Background supporting Security Controls Assessor (SCA) or CIO functions
• Experience conducting domestic and international site validations
• Working Conditions:
• Hybrid work environment with offices in Washington, DC, and Arlington, VA
• Occasional travel (5–20%) for site assessments

Job Tags

Similar Jobs