NIH Cybersecurity Compliance Analyst

Rockville, MD - USA

Monthly Salary: Not Disclosed

Posted on: Yesterday

Vacancies: 1 Vacancy

Job Summary

cFocus Software seeks a Cybersecurity Compliance Analyst to join our program supporting the National Institutes of Health (NIH). This position is remote. This position requires a Public Trust clearance.
Qualifications:

Bachelors degree in Cybersecurity Information Technology Computer Science or a related discipline.
57 years of experience supporting cybersecurity compliance risk management or information security programs.
Familiarity with NIST Risk Management Framework (RMF).
Experience supporting NIST SP 800-53 security control implementation.
Experience preparing and maintaining RMF documentation including SSPs and POA&Ms.
Understanding of FISMA compliance requirements and federal cybersecurity policies.
Strong analytical and documentation skills.

Duties:

Support cybersecurity compliance activities across NCATS systems and infrastructure.
Assist with implementation and documentation of NIST SP 800-53 security and privacy controls.
Coordinate with system owners developers and infrastructure teams to ensure systems meet federal security requirements.
Maintain compliance documentation and assist with system authorization packages.
Provide training support and guidance to NCATS personnel on cybersecurity compliance requirements.
Assist developers engineers and project stakeholders in implementing NIST SP 800-53 Rev.5 security controls.
Support security control mapping and tailoring activities based on FIPS-199 system categorizations.
Provide documentation support for RMF artifacts including System Security Plans (SSP) Security Assessment Plans (SAP)
Security Assessment Reports (SAR) and Plans of Action and Milestones (POA&M).
Assist with privacy control implementation and data protection requirements.
Participate in system design discussions and provide compliance recommendations.
Support security and privacy compliance for NCATS research programs and associated IT systems.
Assist with preparation of FIPS-199 documentation and system registration within NIH GRC repositories.
Conduct Privacy Impact Assessments (PIA) and Third-Party Web Application (TPWA) assessments.
Assist the NCATS ISSO and Privacy Coordinator with privacy incident response policy implementation
and security data calls.
Maintain and update security and privacy documentation to ensure alignment with federal requirements.
Assist with system assessment readiness and authorization preparation activities.
Support development and maintenance of Authority to Operate (ATO) documentation.
Conduct pre-assessment reviews of security controls and compliance artifacts.
Assist with independent security assessments and remediation tracking.
Support development of system authorization artifacts including SSPs contingency plans configuration management plans and incident response documentation.
Provide cybersecurity compliance support to NCATS system owners and users.
Assist with training programs related to security compliance and RMF processes.
Support vulnerability remediation tracking and audit preparation activities.
Provide end-user guidance on access control monitoring requirements and cybersecurity best practices.

Required Experience:

Senior IC

Bachelors degree in Cybersecurity Information Technology Computer Science or a related discipline.
57 years of experience supporting cybersecurity compliance risk management or information security programs.
Familiarity with NIST Risk Management Framework (RMF).
Experience supporting NIST SP 800-53 security control implementation.
Experience preparing and maintaining RMF documentation including SSPs and POA&Ms.
Understanding of FISMA compliance requirements and federal cybersecurity policies.
Strong analytical and documentation skills.

Duties:

Support cybersecurity compliance activities across NCATS systems and infrastructure.
Assist with implementation and documentation of NIST SP 800-53 security and privacy controls.
Coordinate with system owners developers and infrastructure teams to ensure systems meet federal security requirements.
Maintain compliance documentation and assist with system authorization packages.
Provide training support and guidance to NCATS personnel on cybersecurity compliance requirements.
Assist developers engineers and project stakeholders in implementing NIST SP 800-53 Rev.5 security controls.
Support security control mapping and tailoring activities based on FIPS-199 system categorizations.
Provide documentation support for RMF artifacts including System Security Plans (SSP) Security Assessment Plans (SAP)
Security Assessment Reports (SAR) and Plans of Action and Milestones (POA&M).
Assist with privacy control implementation and data protection requirements.
Participate in system design discussions and provide compliance recommendations.
Support security and privacy compliance for NCATS research programs and associated IT systems.
Assist with preparation of FIPS-199 documentation and system registration within NIH GRC repositories.
Conduct Privacy Impact Assessments (PIA) and Third-Party Web Application (TPWA) assessments.
Assist the NCATS ISSO and Privacy Coordinator with privacy incident response policy implementation
and security data calls.
Maintain and update security and privacy documentation to ensure alignment with federal requirements.
Assist with system assessment readiness and authorization preparation activities.
Support development and maintenance of Authority to Operate (ATO) documentation.
Conduct pre-assessment reviews of security controls and compliance artifacts.
Assist with independent security assessments and remediation tracking.
Support development of system authorization artifacts including SSPs contingency plans configuration management plans and incident response documentation.
Provide cybersecurity compliance support to NCATS system owners and users.
Assist with training programs related to security compliance and RMF processes.
Support vulnerability remediation tracking and audit preparation activities.
Provide end-user guidance on access control monitoring requirements and cybersecurity best practices.