NIH - ISSO

Posted 6 Days Ago
Be an Early Applicant
Bethesda, MD, USA
In-Office
Senior level
Software
The Role
Serve as the primary ISSO for NIH systems, implementing NIST RMF and SP 800-53 controls, supporting A&A for Low/Moderate FISMA systems, developing and maintaining authorization artifacts (SSPs, SAPs, SARs, POA&Ms), conducting continuous monitoring, coordinating vulnerability remediation, and supporting audits, risk assessments, and incident response.
Summary Generated by Built In
cFocus Software seeks a Information Systems Security Officer (ISSO) to join our program supporting the National Institutes of Health (NIH). This position is fully remote. This position requires a Public Trust or the ability to obtain a public trust clearance.
Qualifications:
  • Public Trust Clearance
  • B.S. Computer Science, Information Technology, or a related field
  • 5+ years of experience supporting Federal information security programs.
  • Experience supporting Federal Assessment and Authorization (A&A) efforts.
  • Experience implementing NIST Risk Management Framework (RMF) controls.
  • Active CISSP, CAP, Security+, CISM, GSLC, or GSEC

Duties:
  • Serve as the primary Information System Security Officer (ISSO) for assigned NIH information systems.
  • Implement and maintain the NIST Risk Management Framework (RMF) throughout the system development lifecycle.
  • Support Assessment and Authorization (A&A) activities for Low and Moderate FISMA systems.
  • Develop, maintain, and update System Security Plans (SSPs), Security Assessment Plans (SAPs), Security Assessment Reports (SARs), Plans of Action and Milestones (POA&Ms), security categorization documentation, and supporting authorization artifacts.
  • Coordinate with System Owners to implement and maintain NIST SP 800-53 Rev. 5 security controls.
  • Perform continuous monitoring activities to verify ongoing compliance with Federal cybersecurity requirements.
  • Monitor security vulnerabilities and coordinate remediation efforts with system administrators and technical teams.
  • Track, update, and report POA&M items through successful remediation and closure.
  • Review vulnerability scan results and ensure corrective actions are completed within required timelines.
  • Support annual FISMA assessments and internal/external cybersecurity audits.
  • Assist in developing security risk assessments and documenting residual risk.
  • Coordinate security control assessments with Security Control Assessors (SCAs).
  • Support the preparation of authorization packages for Authorizing Officials (AOs).
  • Review proposed system changes for cybersecurity impacts and ensure appropriate security documentation is updated.
  • Maintain accurate cybersecurity documentation throughout the authorization lifecycle.
  • Assist with Risk Mitigation Waiver documentation and implementation of compensating security controls.
  • Provide cybersecurity guidance to System Owners regarding Federal information security requirements.
  • Participate in security architecture reviews and system design discussions.
  • Develop cybersecurity status reports, metrics, and compliance documentation for management.
  • Ensure compliance with FISMA, OMB guidance, HHS cybersecurity policy, NIH security requirements, and NIST standards.
  • Participate in cybersecurity incident response activities and coordinate with enterprise cybersecurity teams when required.

Skills Required

  • Public Trust clearance or ability to obtain one
  • Bachelor's degree in Computer Science, Information Technology, or related field
  • 5+ years supporting Federal information security programs
  • Experience supporting Federal Assessment and Authorization (A&A) efforts
  • Experience implementing NIST Risk Management Framework (RMF) controls
  • Active CISSP, CAP, Security+, CISM, GSLC, or GSEC (one required)
Am I A Good Fit?
beta
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company
HQ: Largo, MD
25 Employees
Year Founded: 2006

What We Do

Established in 2006, cFocus Software automates FedRAMP compliance and develops government chatbots for the Azure Government Cloud, Office 365, and SharePoint. cFocus Software is the exclusive vendor of ATO (Authority To Operate) as a Service™, which automates FedRAMP compliance for the Azure Government Cloud and Office 365. Contact Us for a demo of ATO as a Service™ or a FREE government chatbot proof of concept project today!

Similar Jobs

Dynatrace Logo Dynatrace

Strategic Marketing Operations Technology Manager

Artificial Intelligence • Big Data • Cloud • Information Technology • Software • Big Data Analytics • Automation
Remote or Hybrid
United States
5600 Employees
148K-185K Annually

CrowdStrike Logo CrowdStrike

Senior Consultant

Cloud • Computer Vision • Information Technology • Sales • Security • Cybersecurity
Remote or Hybrid
USA
10000 Employees
115K-160K Annually

Zscaler Logo Zscaler

Senior Manager, Enterprise Data Platform

Cloud • Information Technology • Security • Software • Cybersecurity
Easy Apply
Remote or Hybrid
USA
8697 Employees
196K-245K Annually

Samsara Logo Samsara

Technical Product Manager

Artificial Intelligence • Cloud • Computer Vision • Hardware • Internet of Things • Software
Easy Apply
Remote or Hybrid
United States
4000 Employees
102K-137K Annually

Similar Companies Hiring

Hanover Park Thumbnail
Artificial Intelligence • Fintech • Software • Financial Services
New York, New York
42 Employees
Kepler  Thumbnail
Fintech • Software
New York, New York
6 Employees
Onshore Thumbnail
Artificial Intelligence • Fintech • Software • Financial Services
New York, New York
60 Employees

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account