Jobs · Education

NIH - ISSM

cFocus Software Incorporated · Bethesda, MD · 2 wk ago
RemoteRemoteEducationFull-time

Qualifications

  • Public Trust Clearance
  • B.S. in Computer Science, Information Technology, or a related field
  • 7+ years of progressively responsible experience supporting Federal cybersecurity programs
  • 5+ years serving as an ISSM, Senior ISSO, Security Manager, or equivalent cybersecurity leadership role
  • Demonstrated experience managing multiple federal information systems through the RMF lifecycle
  • Experience supporting FISMA High, Moderate, or Low systems
  • Active CISSP, CISM, CAP, GSLC, or Security+

Duties

  • Lead enterprise implementation of the NIST Risk Management Framework (RMF) across NIH/OD information systems.
  • Manage the complete Assessment & Authorization (A&A) lifecycle for Low and Moderate FISMA systems.
  • Direct the development, review, and approval of System Security Plans (SSPs), Security Assessment Plans (SAPs), Security Assessment Reports (SARs), Plans of Action & Milestones (POA&Ms), Security Control Traceability Matrices, and authorization packages.
  • Oversee continuous monitoring activities to ensure ongoing security authorization.
  • Supervise and mentor Information System Security Officers (ISSOs) supporting NIH/OD systems.
  • Provide cybersecurity guidance to System Owners regarding implementation of NIST SP 800-53 Rev. 5 security controls.
  • Manage enterprise cybersecurity risk assessments and recommend appropriate risk mitigation strategies.
  • Oversee Risk Mitigation Waiver documentation, approvals, compensating controls, and periodic reassessment of residual risk.
  • Cook with Security Control Assessors (SCAs), Authorizing Officials (AOs), System Owners, Privacy Officials, and executive leadership throughout the authorization process.
  • Ensure compliance with FISMA, HHS, NIH, NIST, OMB, and Federal cybersecurity requirements.
  • Review security architectures and proposed system changes for compliance with security requirements.
  • Direct enterprise POA&M management activities, remediation tracking, and corrective action reporting.
  • Review security assessment findings and validate remediation activities.
  • Develop executive-level cybersecurity metrics, dashboards, and risk briefings.
  • Support audit activities conducted by internal and external oversight organizations.
  • Cook continuous monitoring strategies, vulnerability remediation activities, and compliance reporting.
  • Provide technical leadership regarding Cybersecurity Supply Chain Risk Management (C-SCRM), common controls, and enterprise security governance.
  • Review security exceptions and risk acceptance packages for executive approval.
  • Ensure all RMF documentation remains current throughout the system lifecycle.
  • Support strategic cybersecurity planning and governance initiatives.

Similar jobs

NIH - ISSO

cFocus Software IncorporatedBethesda, MD· 2 wk ago
RemoteEducationapply on app.jazz.co