We are seeking an experienced Information Systems Security Officer to join our dynamic team. In this role, you will support our client's ISSO and Risk and Compliance teams, participating in activities related to risk management, compliance, and information system security. Your expertise in FedRAMP, RMF, and accreditation assessments will be crucial in ensuring our client's systems adhere to Federal standards.

• Support a real-time risk management system that fosters collaboration and enhances security practices within the organization.
• Conduct regular security risk analyses for hospitals and healthcare systems to identify vulnerabilities and mitigate potential threats.
• Stay abreast of Healthcare IT technologies and apply NIST 800 series methodologies to safeguard them effectively.
• Provide technical analysis and support to accreditation assessors and ISSOs.
• Conduct analysis of current environment and provide recommendations to align accreditation processes with NIST and RMF guidance
• Create and maintain information security policies in compliance with NIST and HIPAA regulations.
• Utilize Archer to develop and maintain system accreditation lifecycle workflows and ATO packet management processes.
• Conduct comprehensive security control assessments following NIST, IHS, and CISA guidelines
• Conduct security risk analyses for current and emerging systems
• Conduct comprehensive assessments of security controls for IHS systems and sites, following NIST and CISA guidelines and ensuring adherence to risk management practices.
• Thoroughly review system and site artifacts to verify compliance with NIST RMF requirements and identify potential areas for improvement.
• Utilize network scanning and patching tools to mitigate vulnerabilities and enhance system security.
• Prepare and present Approval to Operate (ATO) or Interim Approval to Test (IATT) documents, ensuring compliance with assessment requirements and CATOs.
• Stay current with relevant NIST publications, NIST, CISA and IHS standards, and other guidelines.
• Contribute to the development of policies, procedures, and methodologies that align with NIST RMF and support the organization's transition to these frameworks.
• Utilize network scanning and patching tools to mitigate vulnerabilities and enhance system security.
• Participate in staff assistance visits and annual FISMA security control assessments for DRSN sites, providing valuable insights and recommendations for improvement.
• Provide expert advice and produce necessary artifacts to ensure ongoing compliance with NIST RMF requirements and maintain a robust security posture.
• Ability to coordinate risk assessment and compliance activities between GRC and ISSO teams
• Expert level knowledge of RMF process, accreditation assessments, and DISA-STIGs for both on premises and cloud environments
• Excellent communication and briefing skills to communicate to client leadership
• Conduct regular security risk analyses for healthcare systems to identify vulnerabilities and mitigate potential threats.
• Ensure compliance with relevant regulations and standards to provide guidance to system owners on the selection and implementation of appropriate security controls.
• Support vulnerability management through regular assessments and compliance reporting.
• Experience with Tenable to request ad-hoc scans, review reports, and provide analysis to stakeholders.
• Provide input to the design and delivery training programs to educate system owners and employees on risk management, compliance, and security best practices to foster and maintain a comprehensive and proactive security culture.

• Bachelor’s degree required
• CISSP required.
• 3-5 years of relevant experience.
• Strong knowledge and understanding of HIPAA, PII, NIST, FISMA, and FedRAMP.
• Proficiency with Nessus and Archer GRC (2 years desired).
• Knowledge of RMF, NIST, accreditation assessments, and DISA-STIGs.
• Excellent communication and briefing skills for client leadership.