NIH - Cyber Program Analyst
Remote
Full Time
NIH - ISPSS
Experienced
cFocus Software seeks a Cyber Program Analyst to join our program supporting the National Institutes of Health (NIH). This position is fully remote. This position requires a Public Trust clearance or the ability to obtain one.
Qualifications:
- Public Trust Clearance
- B.S. Computer Science, Information Technology, or a related field
- 2+ years supporting federal cybersecurity programs, RMF, governance, compliance, or ISSO activities.
- Preferred certifications include Security+, CAP, CISSP, CISM, PMP, or equivalent.
- Knowledge of NIST RMF, NIST SP 800-53 Rev. 5, FISMA, FIPS, A&A, POA&M management, SSP development, cybersecurity reporting, risk management, executive communications, ServiceNow, Microsoft Office, and cybersecurity governance.
Duties:
- Support day-to-day program management activities, schedules, milestones, action items, and project reporting.
- Develop weekly, monthly, quarterly, and ad hoc cybersecurity reports, executive dashboards, risk profiles, and program metrics.
- Coordinate Program Management Plans, Project Management Plans, Integrated Master Schedules, SOPs, and other contract deliverables.
- Support Front Door security operations by tracking requests, maintaining documentation, and coordinating issue resolution.
- Assist ISSOs and System Owners with Assessment and Authorization (A&A) activities throughout the RMF lifecycle.
- Develop and maintain RMF documentation including SSPs, Security Assessment Plans, Security Assessment Reports, POA&Ms, and authorization packages.
- Monitor NIST SP 800-53 Rev. 5 security control implementation and continuous monitoring activities.
- Track Plans of Action & Milestones (POA&Ms), risk acceptance decisions, and remediation activities.
- Support Risk Management Strategy updates, common control libraries, and Cybersecurity Supply Chain Risk Management (C-SCRM) activities.
- Coordinate FISMA reporting, audit responses, corrective action plans, and cybersecurity compliance activities.
- Provide cybersecurity guidance to stakeholders regarding security requirements, documentation, and compliance obligations.
- Analyze cybersecurity metrics and identify trends, risks, and recommendations supporting executive decision making.
- Maintain program documentation and ensure compliance with NIH, HHS, NIST RMF, and federal cybersecurity policies.