NIH - Cybersecurity Program Manager / Lead ISSO

Security Engineer | Full Time | Remote | Lead | Team 11-50

Location

United States

Posted

4 days ago

Salary

Not specified

Seniority

Lead

RMF, NIST SP 800-53, FISMA, ATO, Risk Management, Information Systems Security, DevSecOps, Federal Compliance, FIPS-199, Cybersecurity Program Management

Job Description

cFocus Software seeks a Cybersecurity Program Manager / Lead ISSO to join our program supporting the National Institutes of Health (NIH). This position is remote. This position requires a Public Trust clearance.
Qualifications:
  • Bachelor’s degree in Computer Science, Cyber Security, or related field.
  • 10+ years of experience in cybersecurity, information assurance, or information systems security.
  • Experience managing cybersecurity programs or security compliance initiatives within federal environments.
  • Strong expertise with RMF, NIST SP 800-53, FISMA compliance, ATO processes, and security documentation.
  • Experience supporting federal agencies such as NIH, HHS, or other civilian agencies.
  • Ability to lead cybersecurity teams and coordinate across multiple stakeholders.
Duties:
  • Provide overall cybersecurity program oversight; coordinate RMF activities.
  • Manage reporting to NCATS leadership.
  • Oversee ATO readiness and compliance efforts.
  • Coordinate stakeholder engagement and security training initiatives.
  • Manage program resources, workflows, deliverables, risk mitigation, and performance across cybersecurity tasks.
  • Coordinate with federal program managers, system owners, developers, and infrastructure teams to ensure security integration across the system lifecycle.
  • Oversee reporting, dashboards, and program metrics related to cybersecurity performance and compliance.
  • Ensure cybersecurity services align with FISMA, NIST SP 800-53, NIH ISRM policies, RMF, and Zero Trust Architecture requirements.
  • Provide expert guidance to system developers and architects implementing NIST SP 800-53 Rev. 5 security and privacy controls across the system development lifecycle.
  • Advise technical teams on security-by-design and DevSecOps practices during architecture reviews, sprint reviews, and system design activities.
  • Assist with security control selection, mapping, tailoring, and implementation based on system FIPS-199 categorizations.
  • Provide technical consultation on logging, encryption, API security, identity management, and other federal security requirements.
  • Support development of RMF documentation including SSPs, SAPs, SARs, POA&Ms, Continuous Monitoring Strategies, and PIAs.
  • Provide information security and privacy support for NCATS research systems and IT environments handling sensitive or PII data.
  • Develop and maintain documentation required for system registration in the NIH Governance, Risk, and Compliance (GRC) repository.
  • Conduct and support FIPS-199 categorizations, Privacy Impact Assessments (PIAs), and Third-Party Web Application (TPWA) assessments.
  • Support NCATS ISSO and privacy coordinator by assisting with privacy incident response, security data calls, and documentation maintenance.
  • Lead security authorization preparation and assessment readiness activities for NCATS systems.
  • Conduct pre-assessment security control reviews to prepare systems for FISMA compliance.
  • Maintain and enhance Authority to Operate (ATO) documentation and supporting artifacts.
  • Coordinate independent assessments and manage remediation of findings.
  • Develop and maintain assessment packages including SSPs, BIAs, contingency plans, incident response plans, and continuous monitoring artifacts.
  • Provide cybersecurity training and support to system owners, developers, and NCATS users.
  • Deliver training related to security compliance, RMF processes, secure system operation, and vulnerability remediation.
  • Support audit preparation and ensure cybersecurity awareness across the NCATS environment.


 
