Information Technology Security, Advisor

Peraton•,

6d•$104,000 - $166,000

About The Position

Peraton is seeking an Information System Security Officer (ISSO) Manager to join our team of qualified, diverse professionals supporting the Health State and Local Sector. The ideal candidate will lead a team of security professionals and oversee all activities related to system security authorization, compliance, and continuous monitoring for a complex federal environment. The ISSO will play a critical role mentoring direct reports, managing team workloads, and ensuring secure, compliant, and resilient systems across both legacy integrations and modern cloud-based platforms, while leading major cybersecurity initiatives and mission‑critical efforts at the Centers for Medicare & Medicaid Services (CMS). Information System Security Officer (ISSO) Manager responsibilities shall include, but are not limited to: Leadership & Personnel Management Provide direct supervision, leadership, and mentorship to a team of ISSOs and cybersecurity professionals, including performance management, goal setting, and professional development. Manage team resource allocation, delegate workloads, and oversee the successful completion of all daily security operations and contract deliverables. Establish team-level workflows and standard operating procedures (SOPs) to ensure consistent execution of risk management and compliance tasks. Act as the primary escalation point and leadership interface for senior program management, government stakeholders, and external audit authorities. Cybersecurity & Compliance Serving as the Lead ISSO for the Program and ensuring full compliance with FISMA Moderate, FedRAMP Moderate, and CMS ARS 5.1 security control baselines. Overseeing the full lifecycle of the Authorization to Operate (ATO) process, including preparation, maintenance, and submission of all Security Authorization (SA) and Certification & Accreditation (C&A) documentation. Conducting comprehensive risk and vulnerability assessments, tracking remediation activities, and ensuring zero open Critical/High vulnerabilities at go‑live. Managing security incidents, ensuring notification within 1 hour, and coordinating with stakeholders on mitigation, reporting, and after‑action activities. Developing, maintaining, and updating security policies, procedures, SSPs, SOPs, and other RMF documentation consistent with federal and CMS requirements. Supporting annual and ad‑hoc federal security assessments, including CSRAP, CFO, and OMB A‑123 reviews, and ensuring timely and accurate submission of evidence packages. Managing POA&M entries, validating mitigation strategies, supporting audit responses, and ensuring high‑quality documentation in accordance with CMS and federal guidance. Performing continuous monitoring activities, analyzing security reports (e.g., vulnerability scans, audit logs), and recommending corrective actions. Collaborating closely with engineering, operations, and program management teams to ensure security is embedded into system design, modernization efforts, and integrations with legacy systems. Providing guidance and subject matter expertise on NIST 800‑53 controls, FedRAMP requirements, and CMS-specific security processes to technical and non-technical stakeholders. Ensuring all system changes follow proper security impact analysis procedures prior to deployment. Supporting contractors, government, and third-party security assessments and participating in technical discussions related to architecture, compliance, and risk.

Requirements

Bachelor’s degree and 8+ years of relevant cybersecurity, information assurance, or system security experience; or 12 of relevant experience and a HS diploma.
2+ years of experience formally leading, managing, or supervising direct reports/cybersecurity personnel.
Demonstrated experience serving as an ISSO, Lead ISSO, or Security Manager on federal programs following FISMA, NIST RMF, and FedRAMP requirements.
Proven capability to manage the delivery, review, and quality control of RMF documentation (SSP, SAR, POA&M, CMP, Incident Response Plan, Contingency Plan, etc.) produced by a team.
Experience conducting or supporting risk assessments, vulnerability analysis, and security audits.
Familiarity with CMS ARS 5.1, CMS ATO processes, and federal cybersecurity reporting requirements.
Experience supporting incident response processes, including rapid notification, coordination, and reporting.
Strong understanding of vulnerability management tools and processes (e.g., Nessus, Tenable.sc, Qualys).
Ability to communicate clearly, effectively, and authoritatively with both technical and non‑technical stakeholders, including senior executive leadership.
U.S. Citizenship required for federal security requirements.
Ability to obtain and maintain a Public Trust clearance.

Nice To Haves

Relevant certifications such as CISSP, CISM, GSLC (GIAC Security Leadership), Security+, CEH, or CAP.
Previous experience managing security teams supporting CMS, federal healthcare programs, or large federal IT modernization efforts.
Experience working in hybrid environments involving both legacy systems and cloud environments (AWS/Azure) subject to FedRAMP Moderate controls.
Familiarity with continuous monitoring processes and automation tools aligned with federal environments.

Responsibilities

Provide direct supervision, leadership, and mentorship to a team of ISSOs and cybersecurity professionals, including performance management, goal setting, and professional development.
Manage team resource allocation, delegate workloads, and oversee the successful completion of all daily security operations and contract deliverables.
Establish team-level workflows and standard operating procedures (SOPs) to ensure consistent execution of risk management and compliance tasks.
Act as the primary escalation point and leadership interface for senior program management, government stakeholders, and external audit authorities.
Serve as the Lead ISSO for the Program and ensure full compliance with FISMA Moderate, FedRAMP Moderate, and CMS ARS 5.1 security control baselines.
Oversee the full lifecycle of the Authorization to Operate (ATO) process, including preparation, maintenance, and submission of all Security Authorization (SA) and Certification & Accreditation (C&A) documentation.
Conduct comprehensive risk and vulnerability assessments, track remediation activities, and ensure zero open Critical/High vulnerabilities at go‑live.
Manage security incidents, ensuring notification within 1 hour, and coordinate with stakeholders on mitigation, reporting, and after‑action activities.
Develop, maintain, and update security policies, procedures, SSPs, SOPs, and other RMF documentation consistent with federal and CMS requirements.
Support annual and ad‑hoc federal security assessments, including CSRAP, CFO, and OMB A‑123 reviews, and ensure timely and accurate submission of evidence packages.
Manage POA&M entries, validate mitigation strategies, support audit responses, and ensure high‑quality documentation in accordance with CMS and federal guidance.
Perform continuous monitoring activities, analyze security reports (e.g., vulnerability scans, audit logs), and recommend corrective actions.
Collaborate closely with engineering, operations, and program management teams to ensure security is embedded into system design, modernization efforts, and integrations with legacy systems.
Provide guidance and subject matter expertise on NIST 800‑53 controls, FedRAMP requirements, and CMS-specific security processes to technical and non-technical stakeholders.
Ensure all system changes follow proper security impact analysis procedures prior to deployment.
Support contractors, government, and third-party security assessments and participate in technical discussions related to architecture, compliance, and risk.