Information Systems Security Officer (Cybersecurity)
Job description
TL;DR
Information Systems Security Officer (Cybersecurity): Implementing and maintaining the NIST Risk Management Framework (RMF) for NIH information systems, with an emphasis on Assessment and Authorization (A&A) and regulatory compliance. Focus on developing security artifacts such as SSPs and POA&Ms, monitoring vulnerabilities, and ensuring adherence to FISMA and NIST standards.
Location: Remote (Must have Public Trust Clearance or the ability to obtain one, requiring US person status)
Company
provides professional technical services supporting government agencies, including the National Institutes of Health (NIH).
What you will do
- Serve as the primary Information System Security Officer (ISSO) for assigned NIH information systems.
- Implement and maintain the NIST Risk Management Framework (RMF) throughout the system development lifecycle.
- Develop and update critical security documentation, including System Security Plans (SSPs), SAPs, SARs, and POA&Ms.
- Coordinate with System Owners to implement and maintain NIST SP 800-53 Rev. 5 security controls.
- Perform continuous monitoring and coordinate the remediation of security vulnerabilities with technical teams.
- Support annual FISMA assessments and both internal and external cybersecurity audits.
Requirements
- Public Trust Clearance (or the ability to obtain one).
- B.S. in Computer Science, Information Technology, or a related field.
- 5+ years of experience supporting Federal information security programs.
- Proven experience with Federal Assessment and Authorization (A&A) and implementing NIST RMF controls.
- Active certification in one of the following: CISSP, CAP, Security+, CISM, GSLC, or GSEC.
Culture & Benefits
- Full-time employment.
- Fully remote work environment.
- Opportunity to support high-impact federal health research infrastructure.