
Job Description

cFocus Software seeks an Information Systems Security Officer (ISSO) to join our program supporting the National Institutes of Health (NIH). This position is fully remote. This position requires a Public Trust clearance or the ability to obtain one.

Qualifications:
  • Public Trust Clearance
  • B.S. Computer Science, Information Technology, or a related field
  • 5+ years of experience supporting Federal information security programs.
  • Experience supporting Federal Assessment and Authorization (A&A) efforts.
  • Experience implementing NIST Risk Management Framework (RMF) controls.
  • Active CISSP, CAP, Security+, CISM, GSLC, or GSEC

Duties:
  • Serve as the primary Information System Security Officer (ISSO) for assigned NIH information systems.
  • Implement and maintain the NIST Risk Management Framework (RMF) throughout the system development lifecycle.
  • Support Assessment and Authorization (A&A) activities for Low and Moderate FISMA systems.
  • Develop, maintain, and update System Security Plans (SSPs), Security Assessment Plans (SAPs), Security Assessment Reports (SARs), Plans of Action and Milestones (POA&Ms), security categorization documentation, and supporting authorization artifacts.
  • Coordinate with System Owners to implement and maintain NIST SP 800-53 Rev. 5 security controls.
  • Perform continuous monitoring activities to verify ongoing compliance with Federal cybersecurity requirements.
  • Monitor security vulnerabilities and coordinate remediation efforts with system administrators and technical teams.
  • Track, update, and report POA&M items through successful remediation and closure.
  • Review vulnerability scan results and ensure corrective actions are completed within required timelines.
  • Support annual FISMA assessments and internal/external cybersecurity audits.
  • Assist in developing security risk assessments and documenting residual risk.
  • Coordinate security control assessments with Security Control Assessors (SCAs).
  • Support the preparation of authorization packages for Authorizing Officials (AOs).
  • Review proposed system changes for cybersecurity impacts and ensure appropriate security documentation is updated.
  • Maintain accurate cybersecurity documentation throughout the authorization lifecycle.
  • Assist with Risk Mitigation Waiver documentation and implementation of compensating security controls.
  • Provide cybersecurity guidance to System Owners regarding Federal information security requirements.
  • Participate in security architecture reviews and system design discussions.
  • Develop cybersecurity status reports, metrics, and compliance documentation for management.
  • Ensure compliance with FISMA, OMB guidance, HHS cybersecurity policy, NIH security requirements, and NIST standards.
  • Participate in cybersecurity incident response activities and coordinate with enterprise cybersecurity teams when required.
NIH - ISSO at cFocus Software Incorporated | Renata