2

Remote Rmf Analyst Jobs in Virginia (NOW HIRING)

FTE + Benefits Remote: 80% (4 days a week) Supports the FedRAMP and FISMA authorization(s) of new ... Identify and assess Cloud System state, including vulnerabilities, RMF package status/accreditation ...

FTE + Benefits Remote: 80% (4 days a week) Client supports the FedRAMP and FISMA authorization(s ... Identify and assess Cloud System state, including vulnerabilities, RMF package status/accreditation ...

FTE + Benefits Remote: 80% (4 days a week) Supports the FedRAMP and FISMA authorization(s) of new ... Identify and assess Cloud System state, including vulnerabilities, RMF package status/accreditation ...

FTE + Benefits Remote: 80% (4 days a week) Client supports the FedRAMP and FISMA authorization(s ... Identify and assess Cloud System state, including vulnerabilities, RMF package status/accreditation ...

This role involves conducting on-site and remote cyber risk assessments, developing mitigation ... Deep knowledge of NIST SP 800-30, NIST Risk Management Framework (RMF), and related federal ...

Herndon, VA 20171 (Remote) Employment Type: FTE + Benefits Client is supporting the FedRAMP and ... Identify and assess Cloud System state, including vulnerabilities, RMF package status/accreditation ...

Herndon, VA 20171 (Remote) Employment Type: FTE + Benefits Client is supporting the FedRAMP and ... Identify and assess Cloud System state, including vulnerabilities, RMF package status/accreditation ...

Sr. Analyst - SCRM

VA · On-site +1

$88K - $116K/yr

General information Job Posting Title Sr. Analyst - SCRM Date Thursday, May 28, 2026 City Remote ... RMF/ATO expectations where applicable), and other federal directives affecting supplier and ...

Remote / Alexandria, VA Clearance: Preferred US Gov Secret or above clearance (not a hard ... Integrate static code analysis (SAST), dynamic testing (DAST), container scanning and various ...

... for analyzing, mapping and migrating cybersecurity and Risk Management Framework (RMF) data from ... Remote (Herndon, VA) - Minimal travel and occasional onsite visits required.

next page

Showing results 1-20

Remote Rmf Analyst information

What is the difference between Remote Rmf Analyst vs Remote Rmf Reviewer?

AspectRemote Rmf AnalystRemote Rmf Reviewer
CredentialsTypically requires a degree in life sciences, healthcare, or related field; certifications like RAC or RAC-ML are commonSimilar credentials as Rmf Analyst, often with additional experience in review processes
Work EnvironmentPerforms analysis, risk assessments, and compliance evaluations remotely for pharmaceutical or biotech companiesFocuses on reviewing and validating RMF documents and reports remotely within regulatory teams
Employer & IndustryPharmaceutical, biotech, or medical device companiesRegulatory consulting firms, pharmaceutical companies, or biotech firms

The main difference is that Remote Rmf Analysts conduct risk assessments and analysis, while Remote Rmf Reviewers focus on reviewing and validating risk management files. Both roles require similar credentials and work in the same industry, but their responsibilities differ in scope and focus.

Can a risk analyst work remotely?

Yes, many risk analysts, including RMF analysts, can work remotely, especially with the increasing adoption of digital tools and secure communication platforms. Remote work often requires strong analytical skills, familiarity with risk management software, and the ability to collaborate virtually. However, some roles may require on-site presence for certain assessments or meetings.

How can I make 2000 a week working from home?

A Remote RMF Analyst can potentially earn $2,000 a week by working full-time hours, often 40 or more hours, and gaining specialized skills in risk management frameworks, compliance, and data analysis. Increasing income may involve obtaining relevant certifications, such as CRISC or CISA, and gaining experience to qualify for higher-paying roles or overtime opportunities.

Can you make $500,000 a year in cyber security?

Remote RMF Analysts and cybersecurity professionals can potentially earn $500,000 annually with extensive experience, specialized skills, and advanced certifications like CISSP or CISA. High salaries are typically associated with senior roles, management positions, or working for large organizations in high-cost areas, often involving complex security environments and leadership responsibilities.
What are the most commonly searched types of Rmf Analyst jobs in Virginia? The most popular types of Rmf Analyst jobs in Virginia are:
What job categories do people searching Remote Rmf Analyst jobs in Virginia look for? The top searched job categories for Remote Rmf Analyst jobs in Virginia are:
What cities in Virginia are hiring for Remote Rmf Analyst jobs? Cities in Virginia with the most Remote Rmf Analyst job openings:
Infographic showing various Remote Rmf Analyst job openings in Virginia as of July 2026, with employment types broken down into 100% Full Time. Highlights an 100% Remote job distribution.
RMF, Security & ATO Manager (Remote)

RMF, Security & ATO Manager (Remote)

Oxley Enterprises®, Inc.

Stafford, VA • On-site, Remote

$110K - $149K/yr

Full-time

Medical, Dental, Vision, Life, Retirement

Posted 19 days ago


Job description

The following states/districts are excluded from this job ad: AK, CA, CO, CT, DC, HI, LA, MA, MN, MO, NE, NV, NH, NJ, NM, NY, ND, OR, PR, RI, VT, WA, WY
Future Need - Actively Interviewing
Location: Remote in any United States jurisdiction not excluded from this job advertisement.
As the RMF, Security & ATO Manager, you will lead Risk Management Framework, cybersecurity, and Authority to Operate activities for a complex multi-tenant cloud environments ensuring continuous compliance, zero ATO lapses, and a proactive security posture across a healthcare platform and all hosted tenant applications.
Position Description: The Risk Management Framework (RMF), Security & Authority to Operate (ATO) Manager serves as the lead for cybersecurity compliance, RMF implementation, and authorization activities supporting a mission-critical VA healthcare platform.
Minimum/General Experience: 10 years of experience in federal cybersecurity, information assurance, RMF compliance, and ATO processes
Minimum Education: Bachelor's Degree in cybersecurity, information assurance, computer science, or related field
Essential Skills/Qualifications:
  • Expert ability to ensure all security and authorization activities are executed in accordance with approved cybersecurity policies, RMF processes, and Government security requirements
  • Expert experience managing RMF and ATO processes for complex enterprise or mission-critical systems
  • Expert knowledge of the NIST RMF steps (e.g., Categorize, Select, Implement, Assess, Authorize, Monitor)
  • Expert experience managing federal ATO/ATC packages, continuous monitoring programs, and POA&M lifecycle management
  • Expert understanding of VA Office of Information Technology (OI&T) security governance, directives, and VA Handbook 6500 series
  • Excellent knowledge of Federal cybersecurity frameworks, security compliance processes, and continuous monitoring practices
  • Excellent experience conducting and coordinating security audits
  • Excellent ability to produce and maintain all required RMF security documentation
  • Excellent knowledge of multi-tenant ATO inheritance frameworks, authorization boundaries, and security control allocation between platform and tenant layers
  • Above average experience with vulnerability scanning tools (e.g., Nessus), Static Application Security Testing (SAST) integration, and vulnerability remediation tracking
  • Above average knowledge of healthcare and privacy control implementation in a cloud-hosted environment
  • Knowledge of VA Technical Reference Model (TRM) submission processes, connection management, and credential/account access audit requirements
  • Experience using SNOWCAM
  • Experience supporting Federal Government programs and systems operating in cloud or hybrid environments
  • Excellent verbal and communication skills

General Physical Requirements needed to perform the essential functions of this job may vary based on the location of the assignment.
  • Assignment Location - Remote
  • Sedentary Work - Exerting up to 10 pounds of force occasionally and/or a negligible amount of force frequently or constantly to lift, carry, push, pull or otherwise move objects.
  • Typing, communicating, repetitive motions.
  • Close visual acuity to prepare and analyze data, view computer monitors and read. May need to view presentation screens and other visual aids in a virtual setting.
  • Inside environmental conditions with protection from outside elements.

Security: Active Federal Civilian Public Trust clearance
  • U.S. Citizenship or Permanent Resident that has lived in the United States for at least 3 years

Federal Civilian Public Trust Consists of a review of up to but not limited to:
  • Covers 10 year period and in some instances lifetime events
  • OPM Security Investigations Index (SII)
  • DOD Defense Central Investigations Index (DCII)
  • National Agency Check (NAC) records
  • FBI name check
  • FBI fingerprint check
  • Credit report check
  • Written inquiries to previous employers and references listed on the application for employment
  • Potential interviews with the subject, spouse, neighbors, supervisor, coworkers
  • Law enforcement check
  • Court records check
  • Education check - Attendance and Degrees

Tasks/Activities include, but are not limited to:
  • Maintains regular communication with the Contracting Officer's Representative (COR) and Government cybersecurity leadership regarding system authorization status, security posture, and risk mitigation activities
  • Manages all six steps of the NIST RMF process for the VA healthcare platform and all hosted applications
  • Ensures zero lapses in ATO status
  • Initiates, manages, and sustains all ATO/ATC packages including periodic assessment oversight, activities, and staffing of all ATO audits
  • Leads and coordinates all security audits and assessments including internal and external assessment teams
  • Attends all audit meetings, provides documentation, and reviews all findings for accuracy
  • Develops and maintains the platform authorization strategy defining ATO inheritance frameworks, tenant onboarding standards, and platform security guardrails
  • Creates and maintains all POA&Ms ensuring proper NIST security family alignment, mapping, milestone accuracy, and timely closure of findings
  • Produces and delivers monthly RMF, security, and ATO status reports
  • Conducts and maintains incident response and disaster recovery tabletop exercises annually or as mandated
  • Reports exercise results to leadership and implements all corrective actions
  • Manages credential and account audits
  • Submits and maintains internal and external connection requests
  • Manages full lifecycle connection requests (e.g., submission, approval, removal)
  • Ensures full compliance with all applicable VA security and privacy directives

Compensation & Benefits: The annual projected pay range for this position is $131,725 - $171,026 with consideration being given to various factors including but not limited to qualifications, experience, job responsibilities, and geographic location.
Oxley Enterprises, Inc. offers a full array of benefits including:
  • Medical, dental, vision and prescription drug coverage for you and your family.
  • Life Insurance, short-term disability and long-term disability paid for by the Company.
  • Supplemental coverages including Accident, Critical Illness, and Hospital.
  • Additional Life insurance coverage for you and your dependents.
  • 401k plan with various options to select based on your retirement goals.

Oxley Enterprises®, Inc. is a certified service-disabled veteran-owned (SDVOSB), veteran-owned (VOSB), and woman-owned small business (WOSB) that has 26 years of experience building and delivering quality IT systems and programs. Oxley is ranked in the INC 5000 7 times (2016, 2017, 2018, 2021, 2023, 2024, 2025). Oxley is a 2019 - 2025 Department of Labor HIRE Vets Medallion Award Winner. Oxley is Virginia Values Veterans certified.
All qualified applicants will receive consideration for employment without regard to any status protected by applicable federal, state, or local law.
If you require a reasonable accommodation to apply for a position at Oxley Enterprises, Inc., please send an email to our Human Resources Department at: with the following information:
Subject Line: Accommodation Request
Provide a description of your accommodation request
Include your contact information: Full name, Email address, Best number to reach you (optional)
We participate in the E-Verify program.