cFocus Software Incorporated
Himalayas · Posted today
NIH - ISSM
cFocus Software seeks an Information Systems Security Manager (ISSM) to join our program supporting the National Institutes of Health (NIH). This position is fully remote. This position requires a Public Trust clearance or the ability to obtain one.
Qualifications:
- Public Trust Clearance
- B.S. Computer Science, Information Technology, or a related field
- 7+ years of progressively responsible experience supporting Federal cybersecurity programs.
- 5+ years serving as an ISSM, Senior ISSO, Security Manager, or equivalent cybersecurity leadership role.
- Demonstrated experience managing multiple federal information systems through the RMF lifecycle.
- Experience supporting FISMA High, Moderate, or Low systems.
- Active CISSP, CISM, CAP, GSLC, or Security+
Duties:
- Lead enterprise implementation of the NIST Risk Management Framework (RMF) across NIH/OD information systems.
- Manage the complete Assessment & Authorization (A&A) lifecycle for Low and Moderate FISMA systems.
- Direct the development, review, and approval of System Security Plans (SSPs), Security Assessment Plans (SAPs), Security Assessment Reports (SARs), Plans of Action & Milestones (POA&Ms), Security Control Traceability Matrices, and authorization packages.
- Oversee continuous monitoring activities to ensure ongoing security authorization.
- Supervise and mentor Information System Security Officers (ISSOs) supporting NIH/OD systems.
- Provide cybersecurity guidance to System Owners regarding implementation of NIST SP 800-53 Rev. 5 security controls.
- Manage enterprise cybersecurity risk assessments and recommend appropriate risk mitigation strategies.
- Oversee Risk Mitigation Waiver documentation, approvals, compensating controls, and periodic reassessment of residual risk.
- Coordinate with Security Control Assessors (SCAs), Authorizing Officials (AOs), System Owners, Privacy Officials, and executive leadership throughout the authorization process.
- Ensure compliance with FISMA, HHS, NIH, NIST, OMB, and Federal cybersecurity requirements.
- Review security architectures and proposed system changes for compliance with security requirements.
- Direct enterprise POA&M management activities, remediation tracking, and corrective action reporting.
- Review security assessment findings and validate remediation activities.
- Develop executive-level cybersecurity metrics, dashboards, and risk briefings.
- Support audit activities conducted by internal and external oversight organizations.
- Coordinate continuous monitoring strategies, vulnerability remediation activities, and compliance reporting.
- Provide technical leadership regarding Cybersecurity Supply Chain Risk Management (C-SCRM), common controls, and enterprise security governance.
- Review security exceptions and risk acceptance packages for executive approval.
- Ensure all RMF documentation remains current throughout the system lifecycle.
- Support strategic cybersecurity planning and governance initiatives.
Originally posted on Himalayas