Information Security Engineer SME

- Lead and oversee the implementation of the Security Assessment and Authorization (SAA) Program - Mentor and supervise a team of security professionals managing the full RMF lifecycle for Enterprise IT systems - Coordinate the Prepare step activities to ensure clear definitions of roles, responsibilities, and risk management strategies - Guide system categorization to ensure accurate classification based on mission/business impact and regulatory compliance - Direct the selection, customization, and documentation of security controls in line with system categorizations and compliance needs - Oversee the application of technical, operational, and management controls throughout system and application lifecycles, emphasizing quality and thoroughness - Ensure comprehensive assessments of security controls are executed, planned, and documented to evaluate the effectiveness of safeguards - Prepare risk management documentation for system authorization and executive-level decision-making - Direct ongoing monitoring and continuous assessment efforts, collecting metrics to refine security strategies and sustain compliance - Act as a primary technical advisor on cybersecurity, providing expertise in risk analysis, incident response, system remediation, and audit support - Promote a culture of security awareness through technical guidance and training for team members and stakeholders - Track, report, and communicate the status, risks, and opportunities for improvement related to security engineering activities to leadership and stakeholders - Stay updated on RMF, NIST guidance, and industry best practices for continuous process improvement