Nih Issm


Job Location:

Bethesda, MD - USA

Monthly Salary: Not Disclosed
Posted on: 2 days ago
Vacancies: 1 Vacancy

Job Summary

cFocus Software seeks a Information Systems Security Manager (ISSM) to join our program supporting the National Institutes of Health (NIH). This position is fully remote. This position requires a Public Trust or the ability to obtain a public trust clearance.
Qualifications:
  • Public Trust Clearance
  • B.S. Computer Science Information Technology or a related field
  • 7 years of progressively responsible experience supporting Federal cybersecurity programs.
  • 5 years serving as an ISSM Senior ISSO Security Manager or equivalent cybersecurity leadership role.
  • Demonstrated experience managing multiple federal information systems through the RMF lifecycle.
  • Experience supporting FISMA High Moderate or Low systems.
  • Active CISSP CISM CAP GSLC or Security

Duties:
  • Lead enterprise implementation of the NIST Risk Management Framework (RMF) across NIH/OD information systems.
  • Manage the complete Assessment & Authorization (A&A) lifecycle for Low and Moderate FISMA systems.
  • Direct the development review and approval of System Security Plans (SSPs) Security Assessment Plans (SAPs) Security Assessment Reports (SARs) Plans of Action & Milestones (POA&Ms) Security Control Traceability Matrices and authorization packages.
  • Oversee continuous monitoring activities to ensure ongoing security authorization.
  • Supervise and mentor Information System Security Officers (ISSOs) supporting NIH/OD systems.
  • Provide cybersecurity guidance to System Owners regarding implementation of NIST SP 800-53 Rev. 5 security controls.
  • Manage enterprise cybersecurity risk assessments and recommend appropriate risk mitigation strategies.
  • Oversee Risk Mitigation Waiver documentation approvals compensating controls and periodic reassessment of residual risk.
  • Coordinate with Security Control Assessors (SCAs) Authorizing Officials (AOs) System Owners Privacy Officials and executive leadership throughout the authorization process.
  • Ensure compliance with FISMA HHS NIH NIST OMB and Federal cybersecurity requirements.
  • Review security architectures and proposed system changes for compliance with security requirements.
  • Direct enterprise POA&M management activities remediation tracking and corrective action reporting.
  • Review security assessment findings and validate remediation activities.
  • Develop executive-level cybersecurity metrics dashboards and risk briefings.
  • Support audit activities conducted by internal and external oversight organizations.
  • Coordinate continuous monitoring strategies vulnerability remediation activities and compliance reporting.
  • Provide technical leadership regarding Cybersecurity Supply Chain Risk Management (C-SCRM) common controls and enterprise security governance.
  • Review security exceptions and risk acceptance packages for executive approval.
  • Ensure all RMF documentation remains current throughout the system lifecycle.
  • Support strategic cybersecurity planning and governance initiatives.

Required Experience:

Senior IC

cFocus Software seeks a Information Systems Security Manager (ISSM) to join our program supporting the National Institutes of Health (NIH). This position is fully remote. This position requires a Public Trust or the ability to obtain a public trust clearance.Qualifications:Public Trust ClearanceB.S....

About Company

Company Logo

Our exclusive ATO as a Serviceā„¢ software & expert services automate FISMA RMF & FedRAMP compliance.

View Profile View Profile