Role Description

cFocus Software seeks a Cybersecurity Program Manager / Lead ISSO to join our program supporting the National Institutes of Health (NIH). This position is remote and requires a Public Trust clearance.

• Provide overall cybersecurity program oversight; coordinate RMF activities
• Manage reporting to NCATS leadership
• Oversee ATO readiness and compliance efforts
• Coordinate stakeholder engagement and security training initiatives
• Manage program resources, workflows, deliverables, risk mitigation, and performance across cybersecurity tasks
• Coordinate with federal program managers, system owners, developers, and infrastructure teams to ensure security integration across the system lifecycle
• Oversee reporting, dashboards, and program metrics related to cybersecurity performance and compliance
• Ensure cybersecurity services align with FISMA, NIST SP 800-53, NIH ISRM policies, RMF, and Zero Trust Architecture requirements
• Provide expert guidance to system developers and architects implementing NIST SP 800-53 Rev. 5 security and privacy controls across the system development lifecycle
• Advise technical teams on security-by-design and DevSecOps practices during architecture reviews, sprint reviews, and system design activities
• Assist with security control selection, mapping, tailoring, and implementation based on system FIPS-199 categorizations
• Provide technical consultation on logging, encryption, API security, identity management, and other federal security requirements
• Support development of RMF documentation including SSPs, SAPs, SARs, POA&Ms, Continuous Monitoring Strategies, and PIAs
• Provide information security and privacy support for NCATS research systems and IT environments handling sensitive or PII data
• Develop and maintain documentation required for system registration in the NIH Governance, Risk, and Compliance (GRC) repository
• Conduct and support FIPS-199 categorizations, Privacy Impact Assessments (PIAs), and Third-Party Web Application (TPWA) assessments
• Support NCATS ISSO and privacy coordinator by assisting with privacy incident response, security data calls, and documentation maintenance
• Lead security authorization preparation and assessment readiness activities for NCATS systems
• Conduct pre-assessment security control reviews to prepare systems for FISMA compliance
• Maintain and enhance Authority to Operate (ATO) documentation and supporting artifacts
• Coordinate independent assessments and manage remediation of findings
• Develop and maintain assessment packages including SSPs, BIAs, contingency plans, incident response plans, and continuous monitoring artifacts
• Provide cybersecurity training and support to system owners, developers, and NCATS users
• Deliver training related to security compliance, RMF processes, secure system operation, and vulnerability remediation
• Support audit preparation and ensure cybersecurity awareness across the NCATS environment

Qualifications

• Bachelor’s degree in Computer Science, Cyber Security, or related field
• 10+ years of experience in cybersecurity, information assurance, or information systems security
• Experience managing cybersecurity programs or security compliance initiatives within federal environments
• Strong expertise with RMF, NIST SP 800-53, FISMA compliance, ATO processes, and security documentation
• Experience supporting federal agencies such as NIH, HHS, or other civilian agencies
• Ability to lead cybersecurity teams and coordinate across multiple stakeholders