
RMF Analyst / Cybersecurity Compliance Specialist
Creative Visions, Washington, District of Columbia, United States
Job Description:
Creative Visions is seeking a Cybersecurity Compliance Analyst to support a federal cybersecurity program operating within the National Institute of Standards and Technology Risk Management Framework (RMF). This role is responsible for maintaining and managing system security documentation and compliance artifacts required for system authorization and continuous monitoring.
The selected candidate will work directly with cybersecurity engineers, analysts, and system owners to ensure that documentation accurately reflects system configurations, implemented controls, and ongoing changes within a hybrid IT environment. This is not a general records management role; this position is embedded in the RMF lifecycle and requires hands-on experience supporting compliance-driven documentation.
Key Responsibilities:
Maintain and update RMF documentation, including System Security Plans (SSPs), Security Assessment Reports (SARs), and Plans of Action and Milestones (POA&Ms), ensuring accuracy and alignment with system changes.
Ensure all security documentation remains audit-ready by validating completeness, consistency, and alignment with implemented security controls.
Support continuous monitoring activities by maintaining documentation and artifacts required for ongoing authorization.
Maintain documentation repositories (e.g., SharePoint or similar platforms) with structured organization, access control, and traceability.
Manage document version control, baselines, and review cycles to ensure integrity across all compliance artifacts.
Coordinate with system engineers and security analysts to capture changes in system architecture, boundary definitions, and control implementations, and reflect those changes in documentation.
Track and manage POA&M items, including ownership, status updates, remediation timelines, and supporting evidence, coordinating directly with technical teams to ensure closure.
Required Qualifications:
Demonstrated experience supporting RMF or similar federal cybersecurity compliance frameworks.
Understanding of how system changes impact security controls and associated documentation.
Strong attention to detail with the ability to manage multiple documentation artifacts in parallel.
Experience working with technical teams (engineers, analysts, system owners) to validate and maintain documentation.
Hands-on experience maintaining or supporting SSPs, POA&Ms, SARs, or related security documentation.
Preferred Skills:
Experience supporting federal ATO processes or audit activities.
Familiarity with tools such as eMASS, SharePoint, or other compliance/document management systems.
Understanding of NIST 800-53 security controls and continuous monitoring practices.