Job Description

Job Description

Scope of the Project

The organization is responsible for the Security and Compliance of its Information Systems and Data. They are seeking an expert Senior Information System Security Officer (ISSO) to oversee and actively support the day-to-day security and compliance needs of complex information system environments. The Senior ISSO will lead the establishment, implementation, and enhancement of Security and Compliance efforts aligned with State/Agency policies, standards, and regulatory requirements such as FISMA, NIST, CMS MARS-E, HIPAA, and others.

Daily Duties / Responsibilities

The Senior ISSO will report to the ISSO Team Lead and function as a seasoned cybersecurity consultant to leadership, business units, external partners, and vendors.

• Lead and support information security governance programs and Risk Management Framework (RMF) activities.
• Strong preference for experience with CMS MARS-E, ARC-AMPE, or other FISMA RMF-compliant programs.
• Must have demonstrated experience developing and maintaining System Security Plans (SSPs), Privacy Impact Assessments (PIAs), Interconnection Security Agreements (ISAs), Computer Matching Agreements (CMAs), Audit and assessment documentation.
• Experience integrating RMF/A&A tasks into the System Development Life Cycle (SDLC).
• Experience with cloud security and vendor management is highly desirable.

• Hands-on experience with Archer (eGRC), Linux and Windows servers, Network Firewalls, IPS, switching, routing, SIEM platforms, Identity and Access Management (IAM) tools.

• Perform architectural reviews and risk assessments of security-related requests.
• Evaluate Network design and data flow, Data/system access models, Firewall rule requests, Baseline configuration deviations, Vulnerability management findings.
• Lead and mature security and compliance initiatives.
• Conduct internal and external system security assessments.
• Use Microsoft Office, ticketing systems, eGRC tools, Atlassian products, and other platforms for documentation and reporting.
• Review contracts, BAAs, data-sharing agreements, and related documents.
• Serve as primary contact for third-party audits and assessments.
• Collaborate with leadership, teams, and vendors to recommend risk mitigation strategies.

• Strong working knowledge of FISMA, NIST, CMS MARS-E, HIPAA.
• 5+ years experience in IT working with and/or auditing: Windows and Linux systems, Relational and non-relational databases, Network infrastructure, Web-based applications.
• Prior experience with FISMA-compliant programs.
• Experience working with eGRC systems.
• Prior Health IT exposure.
• Security certification required: ISC(2), ISACA, SANS GIAC, or equivalent.
• Ability to work independently or in teams, prioritize tasks, and meet deadlines.
• Strong communication skills with both technical and non-technical audiences.
• Intermediate to advanced proficiency with Microsoft Office (Word, Excel, PowerPoint, Visio).
• Strong attention to detail and ability to manage complex processes.
• Ability to adapt to changes and collaborate effectively with diverse teams.

• Bachelor's degree in Computer Science or related field, or 10+ years equivalent experience.
• Prior ITIL experience in Information Security Management.

Job Tags

Similar Jobs