HHS Lead ISSORMF Lead

Rockville, MD - USA

Monthly Salary: Not Disclosed

Posted on: 3 days ago

Vacancies: 1 Vacancy

Job Summary

cFocus Software seeks a Lead ISSO/RMF Lead to join our program supporting the Department of Health and Human Services (HHS) This position is remote. This position requires the ability a Public Trust clearance.
Qualifications:

Bachelors degree in Information Technology Cybersecurity or related field.
Minimum 8 years of experience in federal RMF / ISSO roles.
Expert knowledge of NIST SPA and FISMA.
Experience with eGRC tools (e.g. RSA Archer).
Strong written and verbal communication skills.

Duties:

Provideexpert guidance on RMF process execution and improvements.
Develop templates guidance and documentation to support ISSO teams.
Translate complex cybersecurity concepts for non-technical stakeholders.
Develop executive briefings dashboards and reports.
Support Zero Trust Architecture initiatives and supply chain risk management.
Serve as the primary security point of contact for assigned systems.
Notify HRSA SOC of suspected or confirmed incidents within one hour.
Support incident response remediation and post-incident documentation.
Ensure compliance with FISMA OMB A-130 HHS and HRSA policies.
Support contingency planning BIA development and contingency testing.
Lead RMF lifecycle execution for assigned systems following NIST SP 800-37 Rev. 2.
Develop maintain and update all required FISMA security and privacy artifacts using HRSA eGRC.
Prepare and maintain SSPs SARs POA&Ms Continuous Monitoring Plans and authorization packages.
Conduct security categorization (FIPS 199) and ensure appropriate NIST 800-53 baselines are applied.
Review document and track security findings and vulnerabilities to closure.
Develop and manage POA&Ms with appropriate milestones evidence and ownership.
Prepare Risk-Based Decisions (RBDs) when required and support AO adjudication.
Coordinate with System Owners SMEs assessors and DCSP leadership.
Maintain acceptable CPIC Dashboard scores for assigned systems.
Support ATO annual assessments and transition to ongoing authorization.

Required Experience:

Senior IC

Bachelors degree in Information Technology Cybersecurity or related field.
Minimum 8 years of experience in federal RMF / ISSO roles.
Expert knowledge of NIST SPA and FISMA.
Experience with eGRC tools (e.g. RSA Archer).
Strong written and verbal communication skills.

Duties:

Provideexpert guidance on RMF process execution and improvements.
Develop templates guidance and documentation to support ISSO teams.
Translate complex cybersecurity concepts for non-technical stakeholders.
Develop executive briefings dashboards and reports.
Support Zero Trust Architecture initiatives and supply chain risk management.
Serve as the primary security point of contact for assigned systems.
Notify HRSA SOC of suspected or confirmed incidents within one hour.
Support incident response remediation and post-incident documentation.
Ensure compliance with FISMA OMB A-130 HHS and HRSA policies.
Support contingency planning BIA development and contingency testing.
Lead RMF lifecycle execution for assigned systems following NIST SP 800-37 Rev. 2.
Develop maintain and update all required FISMA security and privacy artifacts using HRSA eGRC.
Prepare and maintain SSPs SARs POA&Ms Continuous Monitoring Plans and authorization packages.
Conduct security categorization (FIPS 199) and ensure appropriate NIST 800-53 baselines are applied.
Review document and track security findings and vulnerabilities to closure.
Develop and manage POA&Ms with appropriate milestones evidence and ownership.
Prepare Risk-Based Decisions (RBDs) when required and support AO adjudication.
Coordinate with System Owners SMEs assessors and DCSP leadership.
Maintain acceptable CPIC Dashboard scores for assigned systems.
Support ATO annual assessments and transition to ongoing authorization.