NIST Risk Management Framework SME

Boston Government Services, LLC. (BGS) is seeking a NIST Risk Management Framework SME to support our clients in Evergreen. The RMF SME will provide expert guidance and support for implementing and maintaining compliance with NIST SP 800-53 security controls across federal systems. This role ensures adherence to the Risk Management Framework lifecycle, including categorization, selection, implementation, assessment, authorization, and continuous monitoring of security controls.

BGS is an engineering, technology, and security firm helping to advance missions of national importance for government programs, national laboratories, national security facilities, nuclear operations, and complex projects. We support clients at every stage, from strategic planning and program management to the execution of engineering and technical activities. We work to attract and retain the best talent because the best talent delivers the best results for our clients.

Our capabilities are based on our experience in complex, secure, and highly regulated environments. We leverage our experience and capabilities to provide mission-driven solutions tuned to our client's mission needs and strategic direction.

We are passionate about our culture! At BGS, we hire people who will bring their whole self to work each day because we value operating with openness and inclusivity, welcoming and respecting all. BGS cares for each employee's well-being by offering a comprehensive benefit package and providing a culture of exciting work, excellence, and fun.

If you align with BGS' company values and culture, we would love for you to explore opportunities to join our growing team by checking out the job description below!

• Lead RMF activities for federal systems, ensuring compliance with NIST SP 800-53 and related standards.
• Develop and maintain System Security Plans (SSPs), Security Assessment Reports (SARs), and Plans of Action & Milestones (POA&Ms).
• Conduct gap analyses and risk assessments to identify compliance deficiencies and recommend remediation strategies.
• Provide expert guidance on security control implementation and documentation for Authorization to Operate (ATO) packages.
• Support security audits and assessments, including preparation for FISMA and FedRAMP requirements.
• Deliver training and workshops on RMF processes and NIST SP 800-53 controls.
• Collaborate with system owners, ISSOs, and other stakeholders to ensure continuous monitoring and risk mitigation.

• Bachelor's degree in Cybersecurity, Information Systems, or related field (or equivalent experience).
• Minimum 5 years of experience in cybersecurity compliance, with at least 3 years focused on RMF and NIST SP 800-53.
• Demonstrated experience developing SSPs, POA&Ms, and conducting security assessments.
• Strong understanding of NIST SP 800 series (800-53, 800-37, 800-171) and FISMA requirements.
• Professional certifications such as CISSP, CISM, CISA, or equivalent are required.
• Excellent technical writing and communication skills for compliance documentation.

• ISSEP (formerly CISSP-ISSEP) certification.
• Experience with cloud security and FedRAMP controls.
• Ability to lead compliance workshops and mentor junior staff.

• This position is a Remote Work Arrangement with some travel/onsite requirements.

BGS offers a competitive total compensation package to eligible employees. Benefits include Health, Dental, Vision, Life Insurance, Paid Vacation, 401K, Long and Short-Term Disability.

BGS is an Equal Opportunity/Affirmative Action employer. All qualified applicants are encouraged to apply and will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, or protected veteran status.

BGS has standing contracts with federal agencies throughout the United States. We require an affirmative exclusive agreement to represent all candidates to our clients. By submitting this application, you are consenting to allow BGS to represent you as a candidate for the role in which you are applying.