Job Description

Company: cFocus Software Incorporated

cFocus Software seeks an Information Systems Security Officer (ISSO) to join our program supporting the National Institutes of Health (NIH). This position is fully remote. This position requires a Public Trust clearance or the ability to obtain one.

Qualifications:
• Public Trust Clearance
• B.S. in Computer Science, Information Technology, or a related field
• 5+ years of experience supporting Federal information security programs
• Experience supporting Federal Assessment and Authorization (A&A) efforts
• Experience implementing NIST Risk Management Framework (RMF) controls
• Active CISSP, CAP, Security+, CISM, GSLC, or GSEC certification

Duties:
• Serve as the primary Information System Security Officer (ISSO) for assigned NIH information systems.
• Implement and maintain the NIST Risk Management Framework (RMF) throughout the system development lifecycle.
• Support Assessment and Authorization (A&A) activities for Low and Moderate FISMA systems.
• Develop, maintain, and update System Security Plans (SSPs), Security Assessment Plans (SAPs), Security Assessment Reports (SARs), Plans of Action and Milestones (POA&Ms), security categorization documentation, and supporting authorization artifacts.
• Coordinate with System Owners to implement and maintain NIST SP 800-53 Rev. 5 security controls.
• Perform continuous monitoring activities to verify ongoing compliance with Federal cybersecurity requirements.
• Monitor security vulnerabilities and coordinate remediation efforts with system administrators and technical teams.
• Track, update, and report POA&M items through successful remediation and closure.
• Review vulnerability scan results and ensure corrective actions are completed within required timelines.
• Support annual FISMA assessments and internal/external cybersecurity audits.
• Assist in developing security risk assessments and documenting residual risk.
• Coordinate security control assessments with Security Control Assessors (SCAs).
• Support the preparation of authorization packages for Authorizing Officials (AOs).
• Review proposed system changes for cybersecurity impacts and ensure appropriate security documentation is updated.
• Maintain accurate cybersecurity documentation throughout the authorization lifecycle.
• Assist with Risk Mitigation Waiver documentation and implementation of compensating security controls.
• Provide cybersecurity guidance to System Owners regarding Federal information security requirements.
• Participate in security architecture reviews and system design discussions.
• Develop cybersecurity status reports, metrics, and compliance documentation for management.
• Ensure compliance with FISMA, OMB guidance, HHS cybersecurity policy, NIH security requirements, and NIST standards.
• Participate in cybersecurity incident response activities and coordinate with enterprise cybersecurity teams when required.

Source: LinkedIn