Cybersecurity Assessment and Authorization A&A Subject Matter Expert SME - Enterprise Horizon Consulting Group

Company Overview

Enterprise Horizon Consulting Group (EHCG) is a Woman-Owned Small Business specializing in IT Consulting which has successfully delivered key capabilities to the Navy, Army, and NASA over the past 20+ years. EHCG provides best in class services to its customers in the following areas: Business Systems Services; Business Intelligence; Data Analytics and Dashboarding; Enterprise Resource Planning (SAP) Implementation; Legacy System Optimization; Digital Transformation; Cloud Migration; Integration and Modernization; and Risk Management Framework Processes (RMF).

Job Description

Enterprise Horizon Consulting Group is seeking a highly skilled Cybersecurity Assessment and Authorization (A&A) Subject Matter Expert (SME) to support the full lifecycle of cybersecurity authorization activities for complex information systems. This role requires deep expertise in the DoD Risk Management Framework (RMF), NIST security controls, and the assessment and authorization of large, diverse IT environments.

The SME will guide systems through the RMF process, evaluate vulnerabilities, determine severity and mission impact, and brief senior leadership on authorization status and risk posture. This position demands strong analytical skills, expert knowledge of cybersecurity policy, and the ability to apply NIST 800‑53 controls across varied infrastructures.

Key Responsibilities

• Serve as the cybersecurity SME for all Assessment and Authorization (A&A) activities, ensuring compliance with DoD and NIST requirements.
• Perform RMF activities for systems undergoing authorization, including control assessment, documentation review, and risk analysis.
• Apply expert understanding of NIST SP 800‑53 security controls and their relevance to large, complex IT infrastructures composed of multiple enclaves, applications, and outsourced services.
• Identify vulnerabilities, determine severity levels, and assess potential impacts on system authorization status.
• Conduct comprehensive authorization reviews for enterprise‑level systems and environments.
• Brief senior leadership on RMF progress, findings, risks, and recommended courses of action.
• Support the development, implementation, and refinement of cybersecurity policies, procedures, and processes aligned with DoD requirements.
• Apply cybersecurity expertise to emerging technologies, including cloud services, Industrial Control Systems (ICS), warehouse execution systems, and Operational Technology (OT).
• Evaluate and apply cybersecurity controls for modern computing environments such as hybrid cloud, edge computing, and IoT‑related architectures.

Requirements

Minimum Requirements

• Must have an active Secret clearance.
• Minimum five (5) years of relevant Risk Management Framework (RMF) and NIST Assess