×
Register Here to Apply for Jobs or Post Jobs. X

NIH - ISSM

Job in Bethesda, Montgomery County, Maryland, 20811, USA
Listing for: cFocus Software Incorporated
Full Time position
Listed on 2026-07-02
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, IT Project Manager, IT Consultant
Job Description & How to Apply Below
cFocus Software seeks a Information Systems Security Manager (ISSM) to join our program supporting the National Institutes of Health (NIH). This position is fully remote. This position requires a Public Trust or the ability to obtain a public trust clearance.
Qualifications:
  • Public Trust Clearance
  • B.S. Computer Science, Information Technology, or a related field
  • 7+ years of progressively responsible experience supporting Federal cybersecurity programs.
  • 5+ years serving as an ISSM, Senior ISSO, Security Manager, or equivalent cybersecurity leadership role.
  • Demonstrated experience managing multiple federal information systems through the RMF lifecycle.
  • Experience supporting FISMA High, Moderate, or Low systems.
  • Active CISSP, CISM, CAP, GSLC, or Security+
Duties:
  • Lead enterprise implementation of the NIST Risk Management Framework (RMF) across NIH/OD information systems.
  • Manage the complete Assessment & Authorization (A&A) lifecycle for Low and Moderate FISMA systems.
  • Direct the development, review, and approval of System Security Plans (SSPs), Security Assessment Plans (SAPs), Security Assessment Reports (SARs), Plans of Action & Milestones (POA&Ms), Security Control Traceability Matrices, and authorization packages.
  • Oversee continuous monitoring activities to ensure ongoing security authorization.
  • Supervise and mentor Information System Security Officers (ISSOs) supporting NIH/OD systems.
  • Provide cybersecurity guidance to System Owners regarding implementation of NIST SP 800-53 Rev. 5 security controls.
  • Manage enterprise cybersecurity risk assessments and recommend appropriate risk mitigation strategies.
  • Oversee Risk Mitigation Waiver documentation, approvals, compensating controls, and periodic reassessment of residual risk.
  • Coordinate with Security Control Assessors (SCAs), Authorizing Officials (AOs), System Owners, Privacy Officials, and executive leadership throughout the authorization process.
  • Ensure compliance with FISMA, HHS, NIH, NIST, OMB, and Federal cybersecurity requirements.
  • Review security architectures and proposed system changes for compliance with security requirements.
  • Direct enterprise POA&M management activities, remediation tracking, and corrective action reporting.
  • Review security assessment findings and validate remediation activities.
  • Develop executive-level cybersecurity metrics, dashboards, and risk briefings.
  • Support audit activities conducted by internal and external oversight organizations.
  • Coordinate continuous monitoring strategies, vulnerability remediation activities, and compliance reporting.
  • Provide technical leadership regarding Cybersecurity Supply Chain Risk Management (C-SCRM), common controls, and enterprise security governance.
  • Review security exceptions and risk acceptance packages for executive approval.
  • Ensure all RMF documentation remains current throughout the system lifecycle.
  • Support strategic cybersecurity planning and governance initiatives.

To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary