The Role
Support NIH cybersecurity program management and RMF activities: produce reports and dashboards, track POA&Ms and A&A packages, maintain RMF documentation (SSPs, SARs), coordinate FISMA reporting and audits, provide governance guidance, and support ServiceNow-based security operations and continuous monitoring.
Summary Generated by Built In
cFocus Software seeks a Cyber Program Analyst to join our program supporting the National Institutes of Health (NIH). This position is fully remote. This position requires a Public Trust or the ability to obtain a public trust clearance.
Qualifications:
Duties:
Qualifications:
- Public Trust Clearance
- B.S. Computer Science, Information Technology, or a related field
- 2+ years supporting federal cybersecurity programs, RMF, governance, compliance, or ISSO activities.
- Preferred certifications include Security+, CAP, CISSP, CISM, PMP, or equivalent.
- Knowledge of NIST RMF, NIST SP 800-53 Rev.5, FISMA, FIPS, A&A, POA&M management, SSP development, cybersecurity reporting, risk management, executive communications, ServiceNow, Microsoft Office, and cybersecurity governance.
Duties:
- Support day-to-day program management activities, schedules, milestones, action items, and project reporting.
- Develop weekly, monthly, quarterly, and ad hoc cybersecurity reports, executive dashboards, risk profiles, and program metrics.
- Coordinate Program Management Plans, Project Management Plans, Integrated Master Schedules, SOPs, and other contract deliverables.
- Support Front Door security operations by tracking requests, maintaining documentation, and coordinating issue resolution.
- Assist ISSOs and System Owners with Assessment and Authorization (A&A) activities throughout the RMF lifecycle.
- Develop and maintain RMF documentation including SSPs, Security Assessment Plans, Security Assessment Reports, POA&Ms, and authorization packages.
- Monitor NIST SP 800-53 Rev. 5 security control implementation and continuous monitoring activities.
- Track Plans of Action & Milestones (POA&Ms), risk acceptance decisions, and remediation activities.
- Support Risk Management Strategy updates, common control libraries, and Cybersecurity Supply Chain Risk Management (C-SCRM) activities.
- Coordinate FISMA reporting, audit responses, corrective action plans, and cybersecurity compliance activities.
- Provide cybersecurity guidance to stakeholders regarding security requirements, documentation, and compliance obligations.
- Analyze cybersecurity metrics and identify trends, risks, and recommendations supporting executive decision making.
- Maintain program documentation and ensure compliance with NIH, HHS, NIST RMF, and federal cybersecurity policies.
Skills Required
- Public Trust Clearance or ability to obtain
- B.S. in Computer Science, Information Technology, or related field
- 2+ years supporting federal cybersecurity programs, RMF, governance, compliance, or ISSO activities
- Knowledge of NIST RMF, NIST SP 800-53 Rev.5, FISMA, FIPS, A&A, POA&M management, SSP development, cybersecurity reporting, risk management, executive communications, ServiceNow, and Microsoft Office
- Preferred certifications: Security+, CAP, CISSP, CISM, PMP, or equivalent
Am I A Good Fit?
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.
Success! Refresh the page to see how your skills align with this role.
The Company
What We Do
Established in 2006, cFocus Software automates FedRAMP compliance and develops government chatbots for the Azure Government Cloud, Office 365, and SharePoint. cFocus Software is the exclusive vendor of ATO (Authority To Operate) as a Service™, which automates FedRAMP compliance for the Azure Government Cloud and Office 365. Contact Us for a demo of ATO as a Service™ or a FREE government chatbot proof of concept project today!









