Mid-Level ISSO - HHS ESS

cFocus Software is seeking a highly skilled Mid-Level Information Systems Security Officer (ISSO) to support the Enterprise Security Services (ESS) program. This role is responsible for ensuring compliance with federal cybersecurity requirements, maintaining security documentation, and supporting system authorization and continuous monitoring activities. The successful candidate will oversee security control assessments, provide risk management guidance, and collaborate with stakeholders to maintain secure system configurations in alignment with the ESS Performance Work Statement (PWS).

• Oversee the implementation and enforcement of system security requirements as defined by the PWS.

• Ensure compliance with federal cybersecurity policies, including NIST RMF, FISMA, and FedRAMP.

• Support and maintain system security plans (SSPs), risk assessments, and authorization documentation.

• Collaborate with system owners, administrators, and engineers to maintain secure system configurations.

• Lead security control assessments and support continuous monitoring activities.

• Conduct vulnerability assessments, risk analyses, and recommend remediation strategies.

• Support audits, inspections, and authorization processes (ATO/ATC).

• Develop, maintain, and track Plans of Action and Milestones (POA&Ms).

• Develop and deliver security documentation, reports, and briefings to leadership and stakeholders.

• Ensure timely and accurate reporting of cybersecurity posture, risks, and incidents.

• Maintain accurate and up-to-date security artifacts to support compliance and accreditation efforts.

• Mentor and provide guidance to junior ISSOs and cybersecurity staff.

• Collaborate with internal and external stakeholders to resolve security concerns and support mission objectives.

• 6+ years of cybersecurity experience, with at least 3+ years as an ISSO in a federal environment.

• Strong knowledge of NIST SP 800-53, Risk Management Framework (RMF), and federal cybersecurity policies.

• Experience developing and maintaining security documentation (SSPs, SARs, POA&Ms, etc.).

• Proficiency in vulnerability management, incident response, and continuous monitoring practices.

• Demonstrated ability to brief senior leadership and communicate effectively across technical and non-technical stakeholders.

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field.

• Relevant cybersecurity certifications (e.g., CISSP, CISM, CISA, CAP, or equivalent).

• Master’s degree preferred.

• Active Public Trust clearance required.