NIH - ISSM

Posted 7 Days Ago
Be an Early Applicant
Bethesda, MD, USA
In-Office
Senior level
Software
The Role
Lead RMF implementation and manage the A&A lifecycle for NIH systems. Oversee SSPs, SAPs, SARs, POA&Ms, continuous monitoring, vulnerability remediation, and C-SCRM. Supervise ISSOs, coordinate with SCAs/AOs, ensure FISMA/NIST compliance, develop executive risk metrics, and support audits and enterprise cybersecurity governance.
Summary Generated by Built In
cFocus Software seeks a Information Systems Security Manager (ISSM) to join our program supporting the National Institutes of Health (NIH). This position is fully remote. This position requires a Public Trust or the ability to obtain a public trust clearance.
Qualifications:
  • Public Trust Clearance
  • B.S. Computer Science, Information Technology, or a related field
  • 7+ years of progressively responsible experience supporting Federal cybersecurity programs.
  • 5+ years serving as an ISSM, Senior ISSO, Security Manager, or equivalent cybersecurity leadership role.
  • Demonstrated experience managing multiple federal information systems through the RMF lifecycle.
  • Experience supporting FISMA High, Moderate, or Low systems.
  • Active CISSP, CISM, CAP, GSLC, or Security+

Duties:
  • Lead enterprise implementation of the NIST Risk Management Framework (RMF) across NIH/OD information systems.
  • Manage the complete Assessment & Authorization (A&A) lifecycle for Low and Moderate FISMA systems.
  • Direct the development, review, and approval of System Security Plans (SSPs), Security Assessment Plans (SAPs), Security Assessment Reports (SARs), Plans of Action & Milestones (POA&Ms), Security Control Traceability Matrices, and authorization packages.
  • Oversee continuous monitoring activities to ensure ongoing security authorization.
  • Supervise and mentor Information System Security Officers (ISSOs) supporting NIH/OD systems.
  • Provide cybersecurity guidance to System Owners regarding implementation of NIST SP 800-53 Rev. 5 security controls.
  • Manage enterprise cybersecurity risk assessments and recommend appropriate risk mitigation strategies.
  • Oversee Risk Mitigation Waiver documentation, approvals, compensating controls, and periodic reassessment of residual risk.
  • Coordinate with Security Control Assessors (SCAs), Authorizing Officials (AOs), System Owners, Privacy Officials, and executive leadership throughout the authorization process.
  • Ensure compliance with FISMA, HHS, NIH, NIST, OMB, and Federal cybersecurity requirements.
  • Review security architectures and proposed system changes for compliance with security requirements.
  • Direct enterprise POA&M management activities, remediation tracking, and corrective action reporting.
  • Review security assessment findings and validate remediation activities.
  • Develop executive-level cybersecurity metrics, dashboards, and risk briefings.
  • Support audit activities conducted by internal and external oversight organizations.
  • Coordinate continuous monitoring strategies, vulnerability remediation activities, and compliance reporting.
  • Provide technical leadership regarding Cybersecurity Supply Chain Risk Management (C-SCRM), common controls, and enterprise security governance.
  • Review security exceptions and risk acceptance packages for executive approval.
  • Ensure all RMF documentation remains current throughout the system lifecycle.
  • Support strategic cybersecurity planning and governance initiatives.

Skills Required

  • Public Trust clearance or ability to obtain one
  • B.S. in Computer Science, Information Technology, or a related field
  • 7+ years supporting Federal cybersecurity programs
  • 5+ years serving as an ISSM, Senior ISSO, Security Manager, or equivalent cybersecurity leadership role
  • Experience managing multiple federal information systems through the RMF lifecycle
  • Experience supporting FISMA High, Moderate, or Low systems
  • Active CISSP, CISM, CAP, GSLC, or Security+ certification
Am I A Good Fit?
beta
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company
HQ: Largo, MD
25 Employees
Year Founded: 2006

What We Do

Established in 2006, cFocus Software automates FedRAMP compliance and develops government chatbots for the Azure Government Cloud, Office 365, and SharePoint. cFocus Software is the exclusive vendor of ATO (Authority To Operate) as a Service™, which automates FedRAMP compliance for the Azure Government Cloud and Office 365. Contact Us for a demo of ATO as a Service™ or a FREE government chatbot proof of concept project today!

Similar Jobs

Wipfli Logo Wipfli

Sales Intelligence Analyst

Cloud • Fintech • Software • Business Intelligence • Consulting • Financial Services
Remote or Hybrid
United States
3000 Employees
73K-98K Annually

Ahold Delhaize USA Logo Ahold Delhaize USA

Admin I Customer Care Representative

AdTech • eCommerce • Food • Marketing Tech • Retail
Hybrid
Hyattsville, MD, USA
10000 Employees
29K-33K Hourly

PNC Bank Logo PNC Bank

Portfolio Manager III

Machine Learning • Payments • Security • Software • Financial Services
Remote or Hybrid
USA
55000 Employees

PNC Bank Logo PNC Bank

Product Owner

Machine Learning • Payments • Security • Software • Financial Services
Remote or Hybrid
USA
55000 Employees
112K-250K Annually

Similar Companies Hiring

Hanover Park Thumbnail
Artificial Intelligence • Fintech • Software • Financial Services
New York, New York
42 Employees
Kepler  Thumbnail
Fintech • Software
New York, New York
6 Employees
Onshore Thumbnail
Artificial Intelligence • Fintech • Software • Financial Services
New York, New York
60 Employees

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account