IT - Cyber Security Specialist IV
About the role
The role involves overseeing activities related to system security authorization, compliance, and continuous monitoring for a federal environment. The ISSO will be instrumental in ensuring secure and compliant systems across both legacy integrations and modern cloud-based platforms, supporting major cybersecurity initiatives for the Centers for Medicare & Medicaid Services (CMS).
Responsibilities
- Serve as the ISSO for the ClaimsCore Program, ensuring compliance with FISMA Moderate, FedRAMP Moderate, and CMS ARS 5.1 security controls.
- Oversee the Authorization to Operate (ATO) process, including the preparation and maintenance of all Security Authorization (SA) and Certification & Accreditation (C&A) documentation.
- Conduct risk and vulnerability assessments, track remediation activities, and ensure zero open Critical/High vulnerabilities at go-live.
- Manage security incidents, ensuring notification within 1 hour, and coordinate with stakeholders on mitigation and reporting.
- Develop, maintain, and update security policies, procedures, SSPs, SOPs, and other RMF documentation.
- Support annual and ad hoc federal security assessments, including CSRAP, CFO, and OMB A123 reviews.
- Manage POA&M entries, validate mitigation strategies, and support audit responses.
- Perform continuous monitoring activities, analyze security reports, and recommend corrective actions.
- Collaborate with engineering, operations, and program management teams to embed security into system design.
- Provide subject matter expertise on NIST 800-53 controls, FedRAMP requirements, and CMS-specific security processes.
- Ensure all system changes follow proper security impact analysis procedures prior to deployment.
- Support contractor, government, and third-party security assessments.
Requirements
- Education & Experience: Minimum of 8 years of experience with a BS/BA degree; or Minimum of 6 years of experience with an MS/MA degree; or Minimum of 3 years of experience with a PhD.
- Technical Skills & Experience: Demonstrated experience as an ISSO or similar security lead on federal programs following FISMA, NIST RMF, and FedRAMP requirements. Hands-on experience developing and reviewing RMF documentation (SSP, SAR, POA&M, CMP, Incident Response Plan, Contingency Plan, etc.). Experience conducting or supporting risk assessments, vulnerability analysis, and security audits. Familiarity with CMS ARS 5.1, CMS ATO processes, and federal cybersecurity reporting requirements. Experience supporting incident response processes, including rapid notification and coordination. Strong understanding of vulnerability management tools and processes (e.g., Nessus, Tenable.sc, Qualys). Ability to communicate effectively with both technical and non-technical stakeholders.
- Preferred Qualifications: Relevant certifications such as CISSP, CISM, Security+, CEH, or CAP. Previous experience supporting CMS, federal healthcare programs, or large federal IT modernization efforts. Experience in hybrid environments involving legacy systems and cloud platforms (AWS/Azure) subject to FedRAMP Moderate controls. Familiarity with continuous monitoring processes and automation tools. Experience supporting external audits such as CSRAP, CFO, and OMB A-123. Knowledge of secure software development practices and DevSecOps concepts. Experience with enterprise-scale government contractors or large federal IT programs.
Benefits
Everforth Apex offers a range of supplemental benefits, including medical, dental, vision, life, disability, and other insurance plans that offer an optional layer of financial protection. We offer an ESPP (employee stock purchase program) and a 401K program which allows you to contribute typically within 30 days of starting, with a company match after 12 months of tenure. Everforth Apex also offers a HSA (Health Savings Account on the HDHP plan), a SupportLinc Employee Assistance Program (EAP) with up to 8 free counseling sessions, a corporate discount savings program and other discounts. In terms of professional development, Everforth Apex hosts an on-demand training program, provides access to certification prep and a library of technical and leadership courses/books/seminars once you have 6+ months of tenure, and certification discounts and other perks to associations that include CompTIA and IIBA. Everforth Apex has a dedicated customer service team for our Consultants that can address questions around benefits and other resources, as well as a certified Career Coach. You can access a full list of our benefits, programs, support teams and resources within our ‘Welcome Packet’ as well, which an Everforth Apex team member can provide.
Pay
TBD
Schedule
TBD
Skills
N/A
Qualifications
N/A
Company Info
Everforth Apex is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Everforth Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Benefits Department at [email protected] or 804-523-8228. (Do not submit resumes or solicit consultants to this email address).