HHS - Lead ISSO/RMF Lead

cFocus Software Incorporated - Rockville, MD
9d - Remote

About The Position

cFocus Software seeks a Lead ISSO/RMF Lead to join our program supporting the Department of Health and Human Services (HHS). This position is remote. This position requires the ability to obtain a Public Trust clearance.

Requirements

  • Bachelor’s degree in Information Technology, Cybersecurity, or related field.
  • Minimum 8 years of experience in federal RMF / ISSO roles.
  • Expert knowledge of NIST SP 800-37, 800-53, 800-53A, and FISMA.
  • Experience with eGRC tools (e.g., RSA Archer).
  • Strong written and verbal communication skills.

Responsibilities

  • Provide expert guidance on RMF process execution and improvements.
  • Develop templates, guidance, and documentation to support ISSO teams.
  • Translate complex cybersecurity concepts for non-technical stakeholders.
  • Develop executive briefings, dashboards, and reports.
  • Support Zero Trust Architecture initiatives and supply chain risk management.
  • Serve as the primary security point of contact for assigned systems.
  • Notify HRSA SOC of suspected or confirmed incidents within one hour.
  • Support incident response, remediation, and post-incident documentation.
  • Ensure compliance with FISMA, OMB A-130, HHS, and HRSA policies.
  • Support contingency planning, BIA development, and contingency testing.
  • Lead RMF lifecycle execution for assigned systems following NIST SP 800-37 Rev. 2.
  • Develop, maintain, and update all required FISMA security and privacy artifacts using HRSA eGRC.
  • Prepare and maintain SSPs, SARs, POA&Ms, Continuous Monitoring Plans, and authorization packages.
  • Conduct security categorization (FIPS 199) and ensure appropriate NIST 800-53 baselines are applied.
  • Review, document, and track security findings and vulnerabilities to closure.
  • Develop and manage POA&Ms with appropriate milestones, evidence, and ownership.
  • Prepare Risk-Based Decisions (RBDs) when required and support AO adjudication.
  • Coordinate with System Owners, SMEs, assessors, and DCSP leadership.
  • Maintain acceptable CPIC Dashboard scores for assigned systems.
  • Support ATO, annual assessments, and transition to ongoing authorization.