The Role
cFocus Software seeks a Sr. ISSO to join our program supporting the Department of Health and Human Services (HHS) This position is remote. This position requires the ability a Public Trust clearance.
Qualifications:
Qualifications:
- Bachelor’s degree in Cybersecurity, Information Technology, or related field.
- Minimum 8–10 years of experience supporting federal RMF and ISSO functions.
- Expert knowledge of NIST SP 800-37, NIST SP 800-53, NIST SP 800-53A, and FISMA requirements.
- Hands-on experience supporting ATOs, continuous monitoring, and eGRC tools (e.g., RSA Archer).
- Experience supporting systems containing PII and moderate/high impact data.
- Strong written and verbal communication skills.
- Active CISSP, CAP, CISM, or Security+ (preferred)
- Lead execution of the NIST RMF lifecycle (Categorize, Select, Implement, Assess, Authorize, Monitor) for assigned HRSA systems.
- Serve as the primary security advisor to System Owners, ISSOs, and program leadership.
- Develop, review, and maintain RMF artifacts including SSPs, SARs, POA&Ms, Continuous Monitoring Plans, BIAs, and Contingency Plans.
- Ensure accurate and timely entry of system security data into the HRSA eGRC platform.
- Manage POA&M development, prioritization, tracking, and closure in coordination with stakeholders.
- Prepare systems for initial ATOs, annual assessments, and ongoing authorization activities.
- Support Security Control Assessments (SCAs) and remediate findings in coordination with assessors.
- Develop Risk-Based Decisions (RBDs) and support Authorizing Official (AO) adjudication.
- Maintain acceptable CPIC dashboard scores and support corrective actions.
- Ensure compliance with FISMA, OMB A-130, HHS, and HRSA cybersecurity policies.
- Support vulnerability management, incident response, and configuration management activities.
- Provide mentoring and technical guidance to junior ISSOs and RMF analysts.
- Develop and maintain system security SOPs, workflows, and documentation.
- Prepare executive briefings, metrics, and reports on system security posture and risk.
Similar Jobs
.png)
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.
Success! Refresh the page to see how your skills align with this role.
The Company
What We Do
Established in 2006, cFocus Software automates FedRAMP compliance and develops government chatbots for the Azure Government Cloud, Office 365, and SharePoint. cFocus Software is the exclusive vendor of ATO (Authority To Operate) as a Service™, which automates FedRAMP compliance for the Azure Government Cloud and Office 365. Contact Us for a demo of ATO as a Service™ or a FREE government chatbot proof of concept project today!
