Senior Risk Management Framework (A&A) Consultant
On-site · McLean, Virginia, United States
Job Summary
Senior RMF / A&A Consultant responsible for executing cybersecurity authorization and compliance activities across cloud and enterprise systems. Leads development of RMF artifacts and A&A documentation (SSPs, control implementation matrices, SARs, POA&Ms, risk acceptance materials), supports cloud service authorization leveraging FedRAMP and agency requirements, coordinates A&A activities with System Owners, ISSOs, IAMs, and third-party assessors, and supports 3PAO readiness, SAR development, and audit documentation. Tracks audit findings and remediation, develops recurring audit progress reports for government leadership, maintains compliance repositories, and ensures documentation remains audit-ready. The role requires the ability to obtain and maintain a Federal or DoD Public Trust; an active Public Trust or suitability is preferred. Travel up to 10% is expected. Strong knowledge of NIST RMF and federal A&A processes, SP 800-37/53, FISMA, and FedRAMP, and experience supporting audits and POA&M management are required. Mentoring junior team members and operating independently on complex assignments are expected. Certifications such as Security+, CAP, or equivalent are a plus. Experience with ServiceNow, GRC platforms, or audit-tracking tools and familiarity with cloud or financial system authorizations is valued. The position is with Guidehouse, an equal opportunity employer working with government and commercial sectors.
Required Qualifications
- Must be able to OBTAIN and MAINTAIN a Federal or DoD Public Trust
- Active PUBLIC TRUST or SUITABILITY preferred
- Minimum 3 years hands-on experience with NIST RMF and federal A&A processes
- Strong working knowledge of NIST SP 800-37, 800-53, FISMA, and FedRAMP
- Experience supporting audits, evidence collection, and POA&M management
- Ability to translate technical security requirements into clear, compliant documentation
- Strong organizational, communication, and stakeholder coordination skills
- Security+, CAP, or equivalent certification preferred
- Experience supporting third-party assessments or SAR development
- Familiarity with ServiceNow, GRC platforms, or audit tracking tools
- Experience supporting cloud or financial system authorizations