2

Remote Rmf Jobs in Washington, DC (NOW HIRING)

This position is fully remote. This position requires a Public Trust or the ability to obtain a ... Lead enterprise implementation of the NIST Risk Management Framework (RMF) across NIH/OD ...

Apply Early

This role supports Authorization and Accreditation (A&A), Risk Management Framework (RMF) ATO ... For Remote Opportunities), education and certifications as well as Federal Government Contract ...

NIH - ISSM

Bethesda, MD · On-site +1

This position is fully remote. This position requires a Public Trust or the ability to obtain a ... Lead enterprise implementation of the NIST Risk Management Framework (RMF) across NIH/OD ...

Senior Director - Cyber Security & Innovation

VA · On-site +1

$111K - $150K/yr

This is a remote position. Essential Duties and Responsibilities: - Direct activities that have a ... RMF implementation and continuous monitoring to ensure compliance in cloud and development ...

Manager, Cyber Security

Reston, VA · Remote

$115K - $156K/yr

... require RMF alignment, assessment documentation, POA&M management, contingency planning ... This position is remote within the United States. Please note that ICF monitors employee work ...

The ideal candidate will possess deep knowledge of Risk Management Framework (RMF), cybersecurity ... Flexible and remote work policies for most positions * Flexible PTO and holiday schedule For more ...

next page

Showing results 1-20

Remote Rmf information

See Washington, DC salary details

$33.4K

$107.5K

$193.1K

How much do remote rmf jobs pay per year?

As of Jul 6, 2026, the average yearly pay for remote rmf in Washington, DC is $107,513.00, according to ZipRecruiter salary data. Most workers in this role earn between $56,100.00 and $144,400.00 per year, depending on experience, location, and employer.

What is a Remote RMF job?

A Remote RMF (Risk Management Framework) job involves managing cybersecurity risk and compliance for an organization while working remotely. Professionals in this role ensure that IT systems align with federal security standards, such as those outlined by NIST. Responsibilities may include conducting risk assessments, implementing security controls, and maintaining compliance documentation. Remote RMF specialists often work with government agencies, contractors, or private companies handling sensitive data. This position requires expertise in cybersecurity policies, risk management, and regulatory compliance.

What are the typical daily responsibilities of a Remote RMF Specialist?

As a Remote RMF Specialist, your daily responsibilities often include conducting security assessments, preparing and reviewing authorization packages, and ensuring ongoing compliance with federal information security standards. You'll collaborate with cross-functional teams to identify risks, develop mitigation strategies, and document security control implementations. Regular communication with stakeholders, participation in virtual meetings, and continual monitoring of systems and processes to ensure compliance are also core aspects of the job. This role leverages remote work tools to collaborate effectively with cybersecurity, IT, and compliance professionals across multiple locations.

What are the key skills and qualifications needed to thrive in the Remote Rmf position, and why are they important?

To thrive as a Remote RMF (Risk Management Framework) Specialist, you need a strong understanding of information security principles, federal risk management frameworks (such as NIST SP 800-37), and relevant cybersecurity policies, typically backed by a degree in information security or related field. Familiarity with security assessment tools, governance, risk, and compliance (GRC) software, as well as certifications like CISSP, CAP, or CISM, is highly valued. Excellent organizational skills, attention to detail, and the ability to communicate complex security concepts clearly are important soft skills. These capabilities are critical to ensure regulatory compliance and robust information system security in a remote work context.

What job categories do people searching Remote Rmf jobs in Washington, DC look for? The top searched job categories for Remote Rmf jobs in Washington, DC are:
Infographic showing various Remote Rmf job openings in Washington, DC as of June 2026, with employment types broken down into 67% Full Time, and 33% Contract. Highlights an 100% Remote job distribution, with an average salary of $107,513 per year, or $51.7 per hour.
NIH - ISSM

NIH - ISSM

cFocus Software Incorporated

Bethesda, MD • Remote

Full-time

Posted 5 days ago

Be an early applicant


Job description

cFocus Software seeks a Information Systems Security Manager (ISSM) to join our program supporting the National Institutes of Health (NIH). This position is fully remote. This position requires a Public Trust or the ability to obtain a public trust clearance.
Qualifications:
  • Public Trust Clearance
  • B.S. Computer Science, Information Technology, or a related field
  • 7+ years of progressively responsible experience supporting Federal cybersecurity programs.
  • 5+ years serving as an ISSM, Senior ISSO, Security Manager, or equivalent cybersecurity leadership role.
  • Demonstrated experience managing multiple federal information systems through the RMF lifecycle.
  • Experience supporting FISMA High, Moderate, or Low systems.
  • Active CISSP, CISM, CAP, GSLC, or Security+

Duties:
  • Lead enterprise implementation of the NIST Risk Management Framework (RMF) across NIH/OD information systems.
  • Manage the complete Assessment & Authorization (A&A) lifecycle for Low and Moderate FISMA systems.
  • Direct the development, review, and approval of System Security Plans (SSPs), Security Assessment Plans (SAPs), Security Assessment Reports (SARs), Plans of Action & Milestones (POA&Ms), Security Control Traceability Matrices, and authorization packages.
  • Oversee continuous monitoring activities to ensure ongoing security authorization.
  • Supervise and mentor Information System Security Officers (ISSOs) supporting NIH/OD systems.
  • Provide cybersecurity guidance to System Owners regarding implementation of NIST SP 800-53 Rev. 5 security controls.
  • Manage enterprise cybersecurity risk assessments and recommend appropriate risk mitigation strategies.
  • Oversee Risk Mitigation Waiver documentation, approvals, compensating controls, and periodic reassessment of residual risk.
  • Coordinate with Security Control Assessors (SCAs), Authorizing Officials (AOs), System Owners, Privacy Officials, and executive leadership throughout the authorization process.
  • Ensure compliance with FISMA, HHS, NIH, NIST, OMB, and Federal cybersecurity requirements.
  • Review security architectures and proposed system changes for compliance with security requirements.
  • Direct enterprise POA&M management activities, remediation tracking, and corrective action reporting.
  • Review security assessment findings and validate remediation activities.
  • Develop executive-level cybersecurity metrics, dashboards, and risk briefings.
  • Support audit activities conducted by internal and external oversight organizations.
  • Coordinate continuous monitoring strategies, vulnerability remediation activities, and compliance reporting.
  • Provide technical leadership regarding Cybersecurity Supply Chain Risk Management (C-SCRM), common controls, and enterprise security governance.
  • Review security exceptions and risk acceptance packages for executive approval.
  • Ensure all RMF documentation remains current throughout the system lifecycle.
  • Support strategic cybersecurity planning and governance initiatives.

Powered by JazzHR

iKmbQ4T6vx