RMF/ATO Consultant - U.S. Citizenship Required
Position Overview
CGI is seeking a Risk Management Framework/Authority to Operate (RMF/ATO) Analyst to support an SAP S/4HANA Greenfield implementation project for a large government contract. As the RMF/ATO Analyst, you will support the security compliance lifecycle for an SAP federal financials implementation, ensuring the system meets all FISMA, NIST RMF, GAO FISCAM, FedRAMP, and agency-specific requirements. You will work closely with the SAP Basis, Security, Functional, and Infrastructure teams to develop, maintain, and validate all security artifacts required to obtain and sustain an Authority to Operate (ATO). You will also serve as a government-designated AISSO for the project.
This position is located in one of CGI Federal's offices in Fairfax, VA; Lebanon, VA; Lafayette, LA; or Knoxville, TN; however, a hybrid working model is acceptable. You will be required to work in a CGI Federal office two days per week.
Your Future Duties and Responsibilities
- Support all phases of the NIST RMF (Categorize → Select → Implement → Assess → Authorize → Monitor) for SAP financial modules (FM/GL, SD/AR, FI/CO, BW/BI, Procurement, etc.).
- Develop and maintain ATO package artifacts.
- Ensure the official government FISMA record and artifacts are updated as required in the government JCAM/CSAM GRC system.
- Support the Security Control Assessor (SCA) during walkthroughs, evidence collection, interviews, and testing.
- Perform internal control reviews for both NIST security controls and FISCAM internal controls, and conduct readiness assessments prior to formal assessments.
- Track, resolve, and validate findings from vulnerability scans, penetration tests, and audit actions.
- Coordinate with SAP Security Role Design teams to ensure authorization concepts align with RMF control requirements and best practices.
- Validate the implementation of logging, audit trails, and monitoring across SAP.
- Support triage and remediation of ongoing vulnerabilities and compliance items.
- Carry out assigned duties in the AISSO role.
Required Qualifications
- Due to contract requirements, U.S. citizenship and successful completion of a CGI background check are required prior to starting work. Candidates must also have the ability to obtain and maintain a DHS EOD/Public Trust clearance.
- 3–6 years of experience supporting RMF, FISMA, or federal cybersecurity compliance.
- Understanding of NIST SP 800-37, 800-53, 800-30, and related federal security publications.
- Experience supporting enterprise-class systems.
- Familiarity with system architecture diagrams, network security principles, and cloud/on-prem hosting models.
- Ability to manage moderately complex work independently and escalate appropriately.
- Strong writing and documentation skills.
Desired Qualifications
- Experience with federal SAP Financials (FM, FI/CO, SD/AR), SAP Basis, or SAP Security Role Design teams.
- Familiarity with government GAO FISCAM security controls for financial systems.
- Experience with GRC tools (JCAM/CSAM), scanner outputs (ACAS, Nessus, AppDetective), and SIEM platforms.
- Relevant certifications (Security+, CAP, CISSP, Associate of CISSP, CISM).
Compensation and Benefits
CGI is required by law in some jurisdictions to include a reasonable estimate of the compensation range for this role. A reasonable estimate of the current range for this role in the U.S. is $89,600.00 - $194,000.00.
CGI Federal's benefits are offered to eligible professionals on their first day of employment and include:
- Competitive compensation
- Comprehensive insurance options
- Matching contributions through the 401(k) plan and the share purchase plan
- Paid time off for vacation, holidays and sick time
- Paid parental leave
- Learning opportunities and tuition assistance
- Wellness and well-being programs