Nih Issm
Job Location:
Bethesda, MD - USA
Monthly Salary:
Not Disclosed
Posted on:
2 days ago
Vacancies:
1 Vacancy
Job Summary
cFocus Software seeks a Information Systems Security Manager (ISSM) to join our program supporting the National Institutes of Health (NIH). This position is fully remote. This position requires a Public Trust or the ability to obtain a public trust clearance.
Qualifications:
Duties:
Qualifications:
- Public Trust Clearance
- B.S. Computer Science Information Technology or a related field
- 7 years of progressively responsible experience supporting Federal cybersecurity programs.
- 5 years serving as an ISSM Senior ISSO Security Manager or equivalent cybersecurity leadership role.
- Demonstrated experience managing multiple federal information systems through the RMF lifecycle.
- Experience supporting FISMA High Moderate or Low systems.
- Active CISSP CISM CAP GSLC or Security
Duties:
- Lead enterprise implementation of the NIST Risk Management Framework (RMF) across NIH/OD information systems.
- Manage the complete Assessment & Authorization (A&A) lifecycle for Low and Moderate FISMA systems.
- Direct the development review and approval of System Security Plans (SSPs) Security Assessment Plans (SAPs) Security Assessment Reports (SARs) Plans of Action & Milestones (POA&Ms) Security Control Traceability Matrices and authorization packages.
- Oversee continuous monitoring activities to ensure ongoing security authorization.
- Supervise and mentor Information System Security Officers (ISSOs) supporting NIH/OD systems.
- Provide cybersecurity guidance to System Owners regarding implementation of NIST SP 800-53 Rev. 5 security controls.
- Manage enterprise cybersecurity risk assessments and recommend appropriate risk mitigation strategies.
- Oversee Risk Mitigation Waiver documentation approvals compensating controls and periodic reassessment of residual risk.
- Coordinate with Security Control Assessors (SCAs) Authorizing Officials (AOs) System Owners Privacy Officials and executive leadership throughout the authorization process.
- Ensure compliance with FISMA HHS NIH NIST OMB and Federal cybersecurity requirements.
- Review security architectures and proposed system changes for compliance with security requirements.
- Direct enterprise POA&M management activities remediation tracking and corrective action reporting.
- Review security assessment findings and validate remediation activities.
- Develop executive-level cybersecurity metrics dashboards and risk briefings.
- Support audit activities conducted by internal and external oversight organizations.
- Coordinate continuous monitoring strategies vulnerability remediation activities and compliance reporting.
- Provide technical leadership regarding Cybersecurity Supply Chain Risk Management (C-SCRM) common controls and enterprise security governance.
- Review security exceptions and risk acceptance packages for executive approval.
- Ensure all RMF documentation remains current throughout the system lifecycle.
- Support strategic cybersecurity planning and governance initiatives.
Required Experience:
Senior IC
About Company
Our exclusive ATO as a Service⢠software & expert services automate FISMA RMF & FedRAMP compliance.