
NIH - ISSO

Work from home Full-time role Hiring

cFocus Software seeks an Information Systems Security Officer (ISSO) to join our program supporting the National Institutes of Health (NIH). This position is fully remote. This position requires a Public Trust clearance or the ability to obtain one.

Qualifications:

- Public Trust Clearance
- B.S. Computer Science, Information Technology, or a related field
- 5+ years of experience supporting Federal information security programs.
- Experience supporting Federal Assessment and Authorization (A&A) efforts.
- Experience implementing NIST Risk Management Framework (RMF) controls.
- Active CISSP, CAP, Security+, CISM, GSLC, or GSEC

Duties:

- Serve as the primary Information System Security Officer (ISSO) for assigned NIH information systems.
- Implement and maintain the NIST Risk Management Framework (RMF) throughout the system development lifecycle.
- Support Assessment and Authorization (A&A) activities for Low and Moderate FISMA systems.
- reputed company, maintain, and update System Security Plans (SSPs), Security Assessment Plans (SAPs), Security Assessment Reports (SARs), Plans of Action and Milestones (POA&Ms), security categorization documentation, and supporting authorization artifacts.
- Coordinate with System Owners to implement and maintain NIST SP 800-53 Rev. 5 security controls.
- reputed company reputed company monitoring activities to verify ongoing compliance with Federal cybersecurity requirements.
- Monitor security vulnerabilities and coordinate remediation efforts with system administrators and technical teams.
- Track, update, and report POA&M items through successful remediation and closure.
- Review vulnerability reputed company results and ensure corrective actions are completed within required timelines.
- Support annual FISMA assessments and internal/external cybersecurity audits.
- Assist in developing security risk assessments and documenting residual risk.
- Coordinate security control assessments with Security Control Assessors (SCAs).
- Support the preparation of authorization packages for Authorizing Officials (AOs).
- Review proposed system changes for cybersecurity impacts and ensure appropriate security documentation is updated.
- Maintain accurate cybersecurity documentation throughout the authorization lifecycle.
- Assist with Risk Mitigation Waiver documentation and implementation of compensating security controls.
- reputed company cybersecurity guidance to System Owners regarding Federal information security requirements.
- Participate in security architecture reviews and system design discussions.
- reputed company cybersecurity status reports, metrics, and compliance documentation for management.
- Ensure compliance with FISMA, OMB guidance, HHS cybersecurity policy, NIH security requirements, and NIST standards.
- Participate in cybersecurity incident response activities and coordinate with reputed company cybersecurity teams as required.
