cFocus Software seeks a Information Systems Security Officer (ISSO) to join our program supporting the National Institutes of Health (NIH). This position is fully remote. This position requires a Public Trust or the ability to obtain a public trust clearance.
Qualifications:-
Public Trust Clearance
-
B.S. Computer Science, Information Technology, or a related field
-
5+ years of experience supporting Federal information security programs.
-
Experience supporting Federal Assessment and Authorization (A&A) efforts.
-
Experience implementing NIST Risk Management Framework (RMF) controls.
-
Active CISSP, CAP, Security+, CISM, GSLC, or GSEC
Duties:-
Serve as the primary Information System Security Officer (ISSO) for assigned NIH information systems.
-
Implement and maintain the NIST Risk Management Framework (RMF) throughout the system development lifecycle.
-
Support Assessment and Authorization (A&A) activities for Low and Moderate FISMA systems.
-
Develop, maintain, and update System Security Plans (SSPs), Security Assessment Plans (SAPs), Security Assessment Reports (SARs), Plans of Action and Milestones (POA&Ms), security categorization documentation, and supporting authorization artifacts.
-
Coordinate with System Owners to implement and maintain NIST SP 800-53 Rev. 5 security controls.
-
Perform continuous monitoring activities to verify ongoing compliance with Federal cybersecurity requirements.
-
Monitor security vulnerabilities and coordinate remediation efforts with system administrators and technical teams.
-
Track, update, and report POA&M items through successful remediation and closure.
-
Review vulnerability scan results and ensure corrective actions are completed within required timelines.
-
Support annual FISMA assessments and internal/external cybersecurity audits.
-
Assist in developing security risk assessments and documenting residual risk.
-
Coordinate security control assessments with Security Control Assessors (SCAs).
-
Support the preparation of authorization packages for Authorizing Officials (AOs).
-
Review proposed system changes for cybersecurity impacts and ensure appropriate security documentation is updated.
-
Maintain accurate cybersecurity documentation throughout the authorization lifecycle.
-
Assist with Risk Mitigation Waiver documentation and implementation of compensating security controls.
-
Provide cybersecurity guidance to System Owners regarding Federal information security requirements.
-
Participate in security architecture reviews and system design discussions.
-
Develop cybersecurity status reports, metrics, and compliance documentation for management.
-
Ensure compliance with FISMA, OMB guidance, HHS cybersecurity policy, NIH security requirements, and NIST standards.
-
Participate in cybersecurity incident response activities and coordinate with enterprise cybersecurity teams when required.
Ei6ZMOtz6Z