NIH ISSO
Job Location:
Bethesda, MD - USA
Monthly Salary:
Not Disclosed
Posted on:
10 hours ago
Vacancies:
1 Vacancy
Job Summary
cFocus Software seeks an Information Systems Security Officer (ISSO) to join our program supporting the National Institutes of Health (NIH). This position is fully remote. This position requires a Public Trust clearance or the ability to obtain one.
Qualifications:
- Public Trust Clearance
- B.S. in Computer Science, Information Technology, or a related field
- 5 years of experience supporting Federal information security programs.
- Experience supporting Federal Assessment and Authorization (A&A) efforts.
- Experience implementing NIST Risk Management Framework (RMF) controls.
- Active CISSP, CAP, Security, CISM, GSLC, or GSEC
Duties:
- Serve as the primary Information System Security Officer (ISSO) for assigned NIH information systems.
- Implement and maintain the NIST Risk Management Framework (RMF) throughout the system development lifecycle.
- Support Assessment and Authorization (A&A) activities for Low and Moderate FISMA systems.
- Develop, maintain, and update System Security Plans (SSPs), Security Assessment Plans (SAPs), Security Assessment Reports (SARs), Plans of Action and Milestones (POA&Ms), security categorization documentation, and supporting authorization artifacts.
- Coordinate with System Owners to implement and maintain NIST SP 800-53 Rev. 5 security controls.
- Perform continuous monitoring activities to verify ongoing compliance with Federal cybersecurity requirements.
- Monitor security vulnerabilities and coordinate remediation efforts with system administrators and technical teams.
- Track, update, and report POA&M items through successful remediation and closure.
- Review vulnerability scan results and ensure corrective actions are completed within required timelines.
- Support annual FISMA assessments and internal/external cybersecurity audits.
- Assist in developing security risk assessments and documenting residual risk.
- Coordinate security control assessments with Security Control Assessors (SCAs).
- Support the preparation of authorization packages for Authorizing Officials (AOs).
- Review proposed system changes for cybersecurity impacts and ensure appropriate security documentation is updated.
- Maintain accurate cybersecurity documentation throughout the authorization lifecycle.
- Assist with Risk Mitigation Waiver documentation and implementation of compensating security controls.
- Provide cybersecurity guidance to System Owners regarding Federal information security requirements.
- Participate in security architecture reviews and system design discussions.
- Develop cybersecurity status reports, metrics, and compliance documentation for management.
- Ensure compliance with FISMA, OMB guidance, HHS cybersecurity policy, NIH security requirements, and NIST standards.
- Participate in cybersecurity incident response activities and coordinate with enterprise cybersecurity teams when required.
Required Experience:
Senior IC
About Company
Our exclusive ATO as a Service™ software & expert services automate FISMA, RMF & FedRAMP compliance.