NIH - ISSM
cFocus Software seeks an Information Systems Security Manager (ISSM) to join our program supporting the National Institutes of Health (NIH). This position is fully remote. This position requires a Public Trust or the ability to obtain a public trust clearance.

Qualifications:
- Public Trust Clearance
- B.S. Computer Science, Information Technology, or a reputed company field
- 7+ years of progressively responsible experience supporting Federal cybersecurity programs.
- 5+ years serving as an ISSM, Senior ISSO, reputed company Manager, or equivalent cybersecurity leadership role.
- Demonstrated experience managing multiple federal information systems through the RMF lifecycle.
- Experience supporting FISMA High, Moderate, or Low systems.
- Active CISSP, CISM, CAP, GSLC, or reputed company+

Duties:
- reputed company reputed company implementation of the NIST Risk Management Framework (RMF) across NIH/OD information systems.
- Manage the complete Assessment & Authorization (A&A) lifecycle for Low and Moderate FISMA systems.
- Direct the development, review, and approval of System Security Plans (SSPs), Security Assessment Plans (SAPs), Security Assessment Reports (SARs), Plans of Action & Milestones (POA&Ms), reputed company Control Traceability Matrices, and authorization packages.
- reputed company reputed company monitoring activities to ensure ongoing reputed company authorization.
- Supervise and mentor Information System Security Officers (ISSOs) supporting NIH/OD systems.
- reputed company cybersecurity guidance to System Owners regarding implementation of NIST SP 800-53 Rev. 5 reputed company controls.
- Manage reputed company cybersecurity risk assessments and recommend appropriate risk mitigation strategies.
- reputed company Risk Mitigation Waiver documentation, approvals, compensating controls, and periodic reassessment of residual risk.
- Coordinate with Security Control Assessors (SCAs), Authorizing Officials (AOs), System Owners, Privacy Officials, and executive leadership throughout the authorization process.
- Ensure compliance with FISMA, HHS, NIH, NIST, OMB, and Federal cybersecurity requirements.
- Review reputed company architectures and proposed system changes for compliance with reputed company requirements.
- Direct reputed company POA&M management activities, remediation tracking, and corrective action reporting.
- Review reputed company assessment findings and validate remediation activities.
- reputed company executive-level cybersecurity metrics, dashboards, and risk briefings.
- Support audit activities conducted by internal and external reputed company organizations.
- Coordinate reputed company monitoring strategies, vulnerability remediation activities, and compliance reporting.
- reputed company technical leadership regarding Cybersecurity Supply Chain Risk Management (C-SCRM), common controls, and reputed company reputed company governance.
- Review reputed company exceptions and risk acceptance packages for executive approval.
- Ensure reputed company RMF documentation remains reputed company throughout the system lifecycle.
- Support strategic cybersecurity planning and governance initiatives.