HHS - Jr. ISSO
About The Position
cFocus Software seeks a Jr. ISSO to join our program supporting the Department of Health and Human Services (HHS) This position is remote. This position requires the ability a Public Trust clearance. Qualifications: Bachelor’s degree in Cybersecurity, Information Technology, or related field. Minimum 5+ years of experience supporting federal RMF and ISSO functions. Expert knowledge of NIST SP 800-37, NIST SP 800-53, NIST SP 800-53A, and FISMA requirements. Hands-on experience supporting ATOs, continuous monitoring, and eGRC tools (e.g., RSA Archer). Experience supporting systems containing PII and moderate/high impact data. Strong written and verbal communication skills. Active CISSP, CAP, CISM, or Security+ (preferred) Duties: Serve as the primary security advisor to System Owners, ISSOs, and program leadership. Develop, review, and maintain RMF artifacts including SSPs, SARs, POA&Ms, Continuous Monitoring Plans, BIAs, and Contingency Plans. Ensure accurate and timely entry of system security data into the HRSA eGRC platform. Manage POA&M development, prioritization, tracking, and closure in coordination with stakeholders. Prepare systems for initial ATOs, annual assessments, and ongoing authorization activities. Support Security Control Assessments (SCAs) and remediate findings in coordination with assessors. Develop Risk-Based Decisions (RBDs) and support Authorizing Official (AO) adjudication. Maintain acceptable CPIC dashboard scores and support corrective actions. Ensure compliance with FISMA, OMB A-130, HHS, and HRSA cybersecurity policies. Support vulnerability management, incident response, and configuration management activities. Provide mentoring and technical guidance to junior ISSOs and RMF analysts. Develop and maintain system security SOPs, workflows, and documentation. Prepare executive briefings, metrics, and reports on system security posture and risk.
Requirements
- Bachelor’s degree in Cybersecurity, Information Technology, or related field.
- Minimum 5+ years of experience supporting federal RMF and ISSO functions.
- Expert knowledge of NIST SP 800-37, NIST SP 800-53, NIST SP 800-53A, and FISMA requirements.
- Hands-on experience supporting ATOs, continuous monitoring, and eGRC tools (e.g., RSA Archer).
- Experience supporting systems containing PII and moderate/high impact data.
- Strong written and verbal communication skills.
- Ability a Public Trust clearance.
Nice To Haves
- Active CISSP, CAP, CISM, or Security+
Responsibilities
- Serve as the primary security advisor to System Owners, ISSOs, and program leadership.
- Develop, review, and maintain RMF artifacts including SSPs, SARs, POA&Ms, Continuous Monitoring Plans, BIAs, and Contingency Plans.
- Ensure accurate and timely entry of system security data into the HRSA eGRC platform.
- Manage POA&M development, prioritization, tracking, and closure in coordination with stakeholders.
- Prepare systems for initial ATOs, annual assessments, and ongoing authorization activities.
- Support Security Control Assessments (SCAs) and remediate findings in coordination with assessors.
- Develop Risk-Based Decisions (RBDs) and support Authorizing Official (AO) adjudication.
- Maintain acceptable CPIC dashboard scores and support corrective actions.
- Ensure compliance with FISMA, OMB A-130, HHS, and HRSA cybersecurity policies.
- Support vulnerability management, incident response, and configuration management activities.
- Provide mentoring and technical guidance to junior ISSOs and RMF analysts.
- Develop and maintain system security SOPs, workflows, and documentation.
- Prepare executive briefings, metrics, and reports on system security posture and risk.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
