NIH Cybersecurity Program Manager Lead ISSO

Rockville, MD - USA

Monthly Salary: Not Disclosed

Posted on: 10 hours ago

Vacancies: 1 Vacancy

Job Summary

cFocus Software seeks a Cybersecurity Program Manager / Lead ISSO to join our program supporting the National Institutes of Health (NIH). This position is remote. This position requires a Public Trust clearance.
Qualifications:

Bachelors degree in Computer Science Cyber Security or related field.
10 years of experience in cybersecurity information assurance or information systems security.
Experience managing cybersecurity programs or security compliance initiatives within federal environments.
Strong expertise with RMF NIST SP 800-53 FISMA compliance ATO processes and security documentation.
Experience supporting federal agencies such as NIH HHS or other civilian agencies.
Ability to lead cybersecurity teams and coordinate across multiple stakeholders.

Duties:

Provide overall cybersecurity program oversight; coordinate RMF activities
Manage reporting to NCATS leadership
Oversee ATO readiness and compliance efforts
Coordinate stakeholder engagement and security training initiatives
Manage program resources workflows deliverables risk mitigation and performance across cybersecurity tasks.
Coordinate with federal program managers system owners developers and infrastructure teams to ensure security integration across the system lifecycle.
Oversee reporting dashboards and program metrics related to cybersecurity performance and compliance.
Ensure cybersecurity services align with FISMA NIST SP 800-53 NIH ISRM policies RMF and Zero Trust Architecture requirements.
Provide expert guidance to system developers and architects implementing NIST SP 800-53 Rev. 5 security and privacy controls across the system development lifecycle.
Advise technical teams on security-by-design and DevSecOps practices during architecture reviews sprint reviews and system design activities.
Assist with security control selection mapping tailoring and implementation based on system FIPS-199 categorizations.
Provide technical consultation on logging encryption API security identity management and other federal security requirements.
Support development of RMF documentation including SSPs SAPs SARs POA&Ms Continuous Monitoring Strategies and PIAs.
Provide information security and privacy support for NCATS research systems and IT environments handling sensitive or PII data.
Develop and maintain documentation required for system registration in the NIH Governance Risk and Compliance (GRC) repository.
Conduct and support FIPS-199 categorizations Privacy Impact Assessments (PIAs) and Third-Party Web Application (TPWA) assessments.
Support NCATS ISSO and privacy coordinator by assisting with privacy incident response security data calls and documentation maintenance.
Lead security authorization preparation and assessment readiness activities for NCATS systems.
Conduct pre-assessment security control reviews to prepare systems for FISMA compliance.
Maintain and enhance Authority to Operate (ATO) documentation and supporting artifacts.
Coordinate independent assessments and manage remediation of findings.
Develop and maintain assessment packages including SSPs BIAs contingency plans incident response plans and continuous monitoring artifacts.
Provide cybersecurity training and support to system owners developers and NCATS users.
Deliver training related to security compliance RMF processes secure system operation and vulnerability remediation.
Support audit preparation and ensure cybersecurity awareness across the NCATS environment.

Required Experience:

Manager

Bachelors degree in Computer Science Cyber Security or related field.
10 years of experience in cybersecurity information assurance or information systems security.
Experience managing cybersecurity programs or security compliance initiatives within federal environments.
Strong expertise with RMF NIST SP 800-53 FISMA compliance ATO processes and security documentation.
Experience supporting federal agencies such as NIH HHS or other civilian agencies.
Ability to lead cybersecurity teams and coordinate across multiple stakeholders.

Duties:

Provide overall cybersecurity program oversight; coordinate RMF activities
Manage reporting to NCATS leadership
Oversee ATO readiness and compliance efforts
Coordinate stakeholder engagement and security training initiatives
Manage program resources workflows deliverables risk mitigation and performance across cybersecurity tasks.
Coordinate with federal program managers system owners developers and infrastructure teams to ensure security integration across the system lifecycle.
Oversee reporting dashboards and program metrics related to cybersecurity performance and compliance.
Ensure cybersecurity services align with FISMA NIST SP 800-53 NIH ISRM policies RMF and Zero Trust Architecture requirements.
Provide expert guidance to system developers and architects implementing NIST SP 800-53 Rev. 5 security and privacy controls across the system development lifecycle.
Advise technical teams on security-by-design and DevSecOps practices during architecture reviews sprint reviews and system design activities.
Assist with security control selection mapping tailoring and implementation based on system FIPS-199 categorizations.
Provide technical consultation on logging encryption API security identity management and other federal security requirements.
Support development of RMF documentation including SSPs SAPs SARs POA&Ms Continuous Monitoring Strategies and PIAs.
Provide information security and privacy support for NCATS research systems and IT environments handling sensitive or PII data.
Develop and maintain documentation required for system registration in the NIH Governance Risk and Compliance (GRC) repository.
Conduct and support FIPS-199 categorizations Privacy Impact Assessments (PIAs) and Third-Party Web Application (TPWA) assessments.
Support NCATS ISSO and privacy coordinator by assisting with privacy incident response security data calls and documentation maintenance.
Lead security authorization preparation and assessment readiness activities for NCATS systems.
Conduct pre-assessment security control reviews to prepare systems for FISMA compliance.
Maintain and enhance Authority to Operate (ATO) documentation and supporting artifacts.
Coordinate independent assessments and manage remediation of findings.
Develop and maintain assessment packages including SSPs BIAs contingency plans incident response plans and continuous monitoring artifacts.
Provide cybersecurity training and support to system owners developers and NCATS users.
Deliver training related to security compliance RMF processes secure system operation and vulnerability remediation.
Support audit preparation and ensure cybersecurity awareness across the NCATS environment.