NIH - Cybersecurity Compliance Analyst
Location
United States
Posted
4 days ago
Salary
Not specified
Seniority
Mid Level
Job Description
Qualifications:
- Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related discipline.
- 5–7 years of experience supporting cybersecurity compliance, risk management, or information security programs.
- Familiarity with NIST Risk Management Framework (RMF).
- Experience supporting NIST SP 800-53 security control implementation.
- Experience preparing and maintaining RMF documentation including SSPs and POA&Ms.
- Understanding of FISMA compliance requirements and federal cybersecurity policies.
- Strong analytical and documentation skills.
- Support cybersecurity compliance activities across NCATS systems and infrastructure.
- Assist with implementation and documentation of NIST SP 800-53 security and privacy controls.
- Coordinate with system owners, developers, and infrastructure teams to ensure systems meet federal security requirements.
- Maintain compliance documentation and assist with system authorization packages.
- Provide training, support, and guidance to NCATS personnel on cybersecurity compliance requirements.
- Assist developers, engineers, and project stakeholders in implementing NIST SP 800-53 Rev.5 security controls.
- Support security control mapping and tailoring activities based on FIPS-199 system categorizations.
- Provide documentation support for RMF artifacts including System Security Plans (SSP), Security Assessment Plans (SAP),
- Security Assessment Reports (SAR), and Plans of Action and Milestones (POA&M).
- Assist with privacy control implementation and data protection requirements.
- Participate in system design discussions and provide compliance recommendations.
- Support security and privacy compliance for NCATS research programs and associated IT systems.
- Assist with preparation of FIPS-199 documentation and system registration within NIH GRC repositories.
- Conduct Privacy Impact Assessments (PIA) and Third-Party Web Application (TPWA) assessments.
- Assist the NCATS ISSO and Privacy Coordinator with privacy incident response, policy implementation,
- and security data calls.
- Maintain and update security and privacy documentation to ensure alignment with federal requirements.
- Assist with system assessment readiness and authorization preparation activities.
- Support development and maintenance of Authority to Operate (ATO) documentation.
- Conduct pre-assessment reviews of security controls and compliance artifacts.
- Assist with independent security assessments and remediation tracking.
- Support development of system authorization artifacts including SSPs, contingency plans, configuration management plans, and incident response documentation.
- Provide cybersecurity compliance support to NCATS system owners and users.
- Assist with training programs related to security compliance and RMF processes.
- Support vulnerability remediation tracking and audit preparation activities.
- Provide end-user guidance on access control, monitoring requirements, and cybersecurity best practices.
Related Guides
Related Categories
Related Job Pages
More Security Analyst Jobs
As a member of the Information Security team, the Cybersecurity Analyst intern is responsible for supporting SecOps efforts to protect the company from intrusions, malware, threat actors, and other forms of cyber attacks. The cybersecurity analyst intern will also be involved in ...
Cyber Information Assurance Specialist
JobgetherWe use an AI-powered matching process to ensure your application is reviewed quickly, objectively, and fairly against the role's core requirements. Our system identifies the top-fitting candidates, and this shortlist is then shared directly with the hiring company. The final decision and next steps (interviews, assessments) are managed by their internal team. We appreciate your interest and wish you the best! Data Privacy Notice: By submitting your application, you acknowledge that Jobgether will process your personal data to evaluate your candidacy and share relevant information with the hiring employer. This processing is based on legitimate interest and pre-contractual measures under applicable data protection laws (including GDPR). You may exercise your rights (access, rectification, erasure, objection) at any time. #LI-CL1 We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.
This role is a critical part of a team supporting naval surface fleet maintenance, modernization, and sustainment initiatives. You will help ensure the security, compliance, and operational integrity of information systems while collaborating with a geographically dispersed team ...
Agora que você já captou um pouco mais da nossa essência, vamos falar sobre a oportunidade? Auditoria Contínua de SI (Testes de Desenho e Efetividade): realizar testes técnicos periódicos para validar se os controles de segurança desenhados estão operando conforme esperad...
This role supports the Director of Information Security by implementing security projects that reinforce the information security and privacy management program. Key duties include administering security measures for information systems, protecting systems by defining access privileges, and performing privacy and security risk assessments.
