NIH - Cybersecurity Compliance Analyst at cFocus Software Incorporated – Rockville, Maryland

cFocus Software seeks a Cybersecurity Compliance Analyst to join our program supporting the National Institutes of Health (NIH). This position is remote. This position requires a Public Trust clearance.
Qualifications:

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related discipline.
• 5–7 years of experience supporting cybersecurity compliance, risk management, or information security programs.
• Familiarity with NIST Risk Management Framework (RMF).
• Experience supporting NIST SP 800-53 security control implementation.
• Experience preparing and maintaining RMF documentation including SSPs and POA&Ms.
• Understanding of FISMA compliance requirements and federal cybersecurity policies.
• Strong analytical and documentation skills.

Duties:

• Support cybersecurity compliance activities across NCATS systems and infrastructure.
• Assist with implementation and documentation of NIST SP 800-53 security and privacy controls.
• Coordinate with system owners, developers, and infrastructure teams to ensure systems meet federal security requirements.
• Maintain compliance documentation and assist with system authorization packages.
• Provide training, support, and guidance to NCATS personnel on cybersecurity compliance requirements.
• Assist developers, engineers, and project stakeholders in implementing NIST SP 800-53 Rev.5 security controls.
• Support security control mapping and tailoring activities based on FIPS-199 system categorizations.
• Provide documentation support for RMF artifacts including System Security Plans (SSP), Security Assessment Plans (SAP),
• Security Assessment Reports (SAR), and Plans of Action and Milestones (POA&M).
• Assist with privacy control implementation and data protection requirements.
• Participate in system design discussions and provide compliance recommendations.
• Support security and privacy compliance for NCATS research programs and associated IT systems.
• Assist with preparation of FIPS-199 documentation and system registration within NIH GRC repositories.
• Conduct Privacy Impact Assessments (PIA) and Third-Party Web Application (TPWA) assessments.
• Assist the NCATS ISSO and Privacy Coordinator with privacy incident response, policy implementation,
• and security data calls.
• Maintain and update security and privacy documentation to ensure alignment with federal requirements.
• Assist with system assessment readiness and authorization preparation activities.
• Support development and maintenance of Authority to Operate (ATO) documentation.
• Conduct pre-assessment reviews of security controls and compliance artifacts.
• Assist with independent security assessments and remediation tracking.
• Support development of system authorization artifacts including SSPs, contingency plans, configuration management plans, and incident response documentation.
• Provide cybersecurity compliance support to NCATS system owners and users.
• Assist with training programs related to security compliance and RMF processes.
• Support vulnerability remediation tracking and audit preparation activities.
• Provide end-user guidance on access control, monitoring requirements, and cybersecurity best practices.