NIH - ISSM in Bethesda, Maryland at cFocus Software Incorporated
Employment Type: Full-Time
cFocus Software Incorporated
Bethesda, Maryland, 20814, United States
Job Description
cFocus Software seeks an Information Systems Security Manager (ISSM) to join our program supporting the National Institutes of Health (NIH). This position is fully remote. This position requires a Public Trust clearance or the ability to obtain one.
Qualifications:
- Public Trust Clearance
- B.S. Computer Science, Information Technology, or a related field
- 7+ years of progressively responsible experience supporting Federal cybersecurity programs.
- 5+ years serving as an ISSM, Senior ISSO, Security Manager, or equivalent cybersecurity leadership role.
- Demonstrated experience managing multiple federal information systems through the RMF lifecycle.
- Experience supporting FISMA High, Moderate, or Low systems.
- Active CISSP, CISM, CAP, GSLC, or Security+
Duties:
- Lead enterprise implementation of the NIST Risk Management Framework (RMF) across NIH/OD information systems.
- Manage the complete Assessment & Authorization (A&A) lifecycle for Low and Moderate FISMA systems.
- Direct the development, review, and approval of System Security Plans (SSPs), Security Assessment Plans (SAPs), Security Assessment Reports (SARs), Plans of Action & Milestones (POA&Ms), Security Control Traceability Matrices, and authorization packages.
- Oversee continuous monitoring activities to ensure ongoing security authorization.
- Supervise and mentor Information System Security Officers (ISSOs) supporting NIH/OD systems.
- Provide cybersecurity guidance to System Owners regarding implementation of NIST SP 800-53 Rev. 5 security controls.
- Manage enterprise cybersecurity risk assessments and recommend appropriate risk mitigation strategies.
- Oversee Risk Mitigation Waiver documentation, approvals, compensating controls, and periodic reassessment of residual risk.
- Coordinate with Security Control Assessors (SCAs), Authorizing Officials (AOs), System Owners, Privacy Officials, and executive leadership throughout the authorization process.
- Ensure compliance with FISMA, HHS, NIH, NIST, OMB, and Federal cybersecurity requirements.
- Review security architectures and proposed system changes for compliance with security requirements.
- Direct enterprise POA&M management activities, remediation tracking, and corrective action reporting.
- Review security assessment findings and validate remediation activities.
- Develop executive-level cybersecurity metrics, dashboards, and risk briefings.
- Support audit activities conducted by internal and external oversight organizations.
- Coordinate continuous monitoring strategies, vulnerability remediation activities, and compliance reporting.
- Provide technical leadership regarding Cybersecurity Supply Chain Risk Management (C-SCRM), common controls, and enterprise security governance.
- Review security exceptions and risk acceptance packages for executive approval.
- Ensure all RMF documentation remains current throughout the system lifecycle.
- Support strategic cybersecurity planning and governance initiatives.