Information System Security Officer

Summary

Join MicroHealth's cybersecurity team as a remote Information System Security Officer (ISSO)! Ensure the security and compliance of information systems in an Agile environment. Develop, implement, and maintain security policies and procedures. Conduct security assessments and risk analyses. Manage ATO processes and documentation. Ensure compliance with federal security standards. Collaborate with development teams to integrate security practices.

Requirements

• Minimum 12+ years of experience in Cybersecurity
• Proven experience with Authorization to Operate (ATO) processes
• Demonstrated experience working in Agile development environments
• Bachelor’s degree in computer science, Cybersecurity, Information Technology, or related field
• IAT Level III certification
• CISSP (Certified Information Systems Security Professional) or CISA (Certified Information Systems Auditor)
• Must be able to obtain and maintain a background investigation clearance (e.g., Public Trust)

Responsibilities

• Develop, implement, and maintain information system security policies and procedures
• Conduct security assessments and risk analyses for information systems
• Manage and oversee ATO processes and documentation
• Ensure compliance with federal security standards and regulations (NIST, FISMA, etc.)
• Collaborate with development teams in Agile environments to integrate security practices
• Monitor and respond to security incidents and vulnerabilities
• Prepare and maintain security documentation, including System Security Plans (SSP)
• Coordinate with auditors and regulatory bodies during compliance reviews
• Provide security guidance and training to technical teams
• Implement and maintain continuous monitoring programs
• Assess and approve security controls for information systems
• Support incident response and forensic activities as needed
• Perform security control assessments and validation testing
• Develop and maintain security metrics and reporting dashboards
• Coordinate vulnerability management and remediation efforts
• Review and approve system interconnection agreements
• Conduct security awareness training and briefings
• Participate in change control boards and security architecture reviews
• Maintain relationships with external security vendors and service providers
• Support business continuity and disaster recovery planning
• Ensure proper handling and protection of sensitive data
• Stay current with emerging cybersecurity threats and technologies

Preferred Qualifications

• Master's degree
• CISM (Certified Information Security Manager)
• CRISC (Certified in Risk and Information Systems Control)

Benefits

• $130,000-$150,000
• Remote