Qualifications:
- Bachelor’s degree in Computer Science, Cyber Security, or related field.
- 10+ years of experience in cybersecurity, information assurance, or information systems security.
- Experience managing cybersecurity programs or security compliance initiatives within federal environments.
- Strong expertise with RMF, NIST SP 800-53, FISMA compliance, ATO processes, and security documentation.
- Experience supporting federal agencies such as NIH, HHS, or other civilian agencies.
- Ability to lead cybersecurity teams and coordinate across multiple stakeholders.
- Provide overall cybersecurity program oversight; coordinate RMF activities
- Manage reporting to NCATS leadership
- Oversee ATO readiness and compliance efforts
- Coordinate stakeholder engagement and security training initiatives
- Manage program resources, workflows, deliverables, risk mitigation, and performance across cybersecurity tasks.
- Coordinate with federal program managers, system owners, developers, and infrastructure teams to ensure security integration across the system lifecycle.
- Oversee reporting, dashboards, and program metrics related to cybersecurity performance and compliance.
- Ensure cybersecurity services align with FISMA, NIST SP 800-53, NIH ISRM policies, RMF, and Zero Trust Architecture requirements.
- Provide expert guidance to system developers and architects implementing NIST SP 800-53 Rev. 5 security and privacy controls across the system development lifecycle.
- Advise technical teams on security-by-design and DevSecOps practices during architecture reviews, sprint reviews, and system design activities.
- Assist with security control selection, mapping, tailoring, and implementation based on system FIPS-199 categorizations.
- Provide technical consultation on logging, encryption, API security, identity management, and other federal security requirements.
- Support development of RMF documentation including SSPs, SAPs, SARs, POA&Ms, Continuous Monitoring Strategies, and PIAs.
- Provide information security and privacy support for NCATS research systems and IT environments handling sensitive or PII data.
- Develop and maintain documentation required for system registration in the NIH Governance, Risk, and Compliance (GRC) repository.
- Conduct and support FIPS-199 categorizations, Privacy Impact Assessments (PIAs), and Third-Party Web Application (TPWA) assessments.
- Support NCATS ISSO and privacy coordinator by assisting with privacy incident response, security data calls, and documentation maintenance.
- Lead security authorization preparation and assessment readiness activities for NCATS systems.
- Conduct pre-assessment security control reviews to prepare systems for FISMA compliance.
- Maintain and enhance Authority to Operate (ATO) documentation and supporting artifacts.
- Coordinate independent assessments and manage remediation of findings.
- Develop and maintain assessment packages including SSPs, BIAs, contingency plans, incident response plans, and continuous monitoring artifacts.
- Provide cybersecurity training and support to system owners, developers, and NCATS users.
- Deliver training related to security compliance, RMF processes, secure system operation, and vulnerability remediation.
- Support audit preparation and ensure cybersecurity awareness across the NCATS environment.