Senior information Systems Security Officer

About The Position

Requirements

• Bachelor’s degree required.
• CISSP required.
• 5-8 years of relevant experience.
• Strong knowledge and understanding of HIPAA, PII, NIST, FISMA, and FedRAMP.
• Proficiency with Nessus and Archer GRC (2 years desired).
• Knowledge of RMF, NIST, accreditation assessments, and DISA-STIGs.
• Excellent communication and briefing skills for client leadership.

Responsibilities

• Support a real-time risk management system that fosters collaboration and enhances security practices within the organization.
• Conduct regular security risk analyses for hospitals and healthcare systems to identify vulnerabilities and mitigate potential threats.
• Stay abreast of Healthcare IT technologies and apply NIST 800 series methodologies to safeguard them effectively.
• Provide technical analysis and support to accreditation assessors and ISSOs.
• Conduct analysis of current environment and provide recommendations to align accreditation processes with NIST and RMF guidance.
• Create and maintain information security policies in compliance with NIST and HIPAA regulations.
• Utilize Archer to develop and maintain system accreditation lifecycle workflows and ATO packet management processes.
• Conduct comprehensive security control assessments following NIST, IHS, and CISA guidelines.
• Conduct security risk analyses for current and emerging systems.
• Conduct comprehensive assessments of security controls for IHS systems and sites, following NIST and CISA guidelines and ensuring adherence to risk management practices.
• Thoroughly review system and site artifacts to verify compliance with NIST RMF requirements and identify potential areas for improvement.
• Utilize network scanning and patching tools to mitigate vulnerabilities and enhance system security.
• Prepare and present Approval to Operate (ATO) or Interim Approval to Test (IATT) documents, ensuring compliance with assessment requirements and CATOs.
• Stay current with relevant NIST publications, NIST, CISA and IHS standards, and other guidelines.
• Contribute to the development of policies, procedures, and methodologies that align with NIST RMF and support the organization's transition to these frameworks.
• Participate in staff assistance visits and annual FISMA security control assessments for DRSN sites, providing valuable insights and recommendations for improvement.
• Provide expert advice and produce necessary artifacts to ensure ongoing compliance with NIST RMF requirements and maintain a robust security posture.
• Ability to coordinate risk assessment and compliance activities between GRC and ISSO teams.
• Expert level knowledge of RMF process, accreditation assessments, and DISA-STIGs for both on premises and cloud environments.
• Excellent communication and briefing skills to communicate to client leadership.
• Support vulnerability management through regular assessments and compliance reporting.
• Experience with Tenable to request ad-hoc scans, review reports, and provide analysis to stakeholders.
• Provide input to the design and delivery training programs to educate system owners and employees on risk management, compliance, and security best practices.