NIH - ISSM
Job in
Bethesda, Montgomery County, Maryland, 20811, USA
Listed on 2026-07-02
Listing for:
cFocus Software Incorporated
Full Time
position Listed on 2026-07-02
Job specializations:
-
IT/Tech
Cybersecurity, Information Security, IT Project Manager, IT Consultant
Job Description & How to Apply Below
Qualifications:
- Public Trust Clearance
- B.S. Computer Science, Information Technology, or a related field
- 7+ years of progressively responsible experience supporting Federal cybersecurity programs.
- 5+ years serving as an ISSM, Senior ISSO, Security Manager, or equivalent cybersecurity leadership role.
- Demonstrated experience managing multiple federal information systems through the RMF lifecycle.
- Experience supporting FISMA High, Moderate, or Low systems.
- Active CISSP, CISM, CAP, GSLC, or Security+
- Lead enterprise implementation of the NIST Risk Management Framework (RMF) across NIH/OD information systems.
- Manage the complete Assessment & Authorization (A&A) lifecycle for Low and Moderate FISMA systems.
- Direct the development, review, and approval of System Security Plans (SSPs), Security Assessment Plans (SAPs), Security Assessment Reports (SARs), Plans of Action & Milestones (POA&Ms), Security Control Traceability Matrices, and authorization packages.
- Oversee continuous monitoring activities to ensure ongoing security authorization.
- Supervise and mentor Information System Security Officers (ISSOs) supporting NIH/OD systems.
- Provide cybersecurity guidance to System Owners regarding implementation of NIST SP 800-53 Rev. 5 security controls.
- Manage enterprise cybersecurity risk assessments and recommend appropriate risk mitigation strategies.
- Oversee Risk Mitigation Waiver documentation, approvals, compensating controls, and periodic reassessment of residual risk.
- Coordinate with Security Control Assessors (SCAs), Authorizing Officials (AOs), System Owners, Privacy Officials, and executive leadership throughout the authorization process.
- Ensure compliance with FISMA, HHS, NIH, NIST, OMB, and Federal cybersecurity requirements.
- Review security architectures and proposed system changes for compliance with security requirements.
- Direct enterprise POA&M management activities, remediation tracking, and corrective action reporting.
- Review security assessment findings and validate remediation activities.
- Develop executive-level cybersecurity metrics, dashboards, and risk briefings.
- Support audit activities conducted by internal and external oversight organizations.
- Coordinate continuous monitoring strategies, vulnerability remediation activities, and compliance reporting.
- Provide technical leadership regarding Cybersecurity Supply Chain Risk Management (C-SCRM), common controls, and enterprise security governance.
- Review security exceptions and risk acceptance packages for executive approval.
- Ensure all RMF documentation remains current throughout the system lifecycle.
- Support strategic cybersecurity planning and governance initiatives.
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
Search for further Jobs Here:
×