Information Systems Security Engineer 100% Remote

Overview

Remote
Full Time
Part Time
Accepts corp to corp applications
Contract - W2
Contract - Independent
Contract - 5 month(s)

Skills

Strong working knowledge of NIST SP 800-37, 800-53, 800-137, and CMS Acceptable Risk Safeguards (ARS).
Hands-on experience with A&A tools (e.g., CSAM, eMASS, or Archer GRC).
Proven ability to manage multiple systems in varying phases of the RMF lifecycle.

Job Details

Information Systems Security Officer (ISSO) NEED CMS EXPERIENCE

Location: Remote

20 hours per week

Position Summary

The Information Systems Security Officer (ISSO) provides governance, oversight, and advisory support for the security posture of CMS information systems. The ISSO will ensure compliance with federal security standards (FISMA, NIST SP 800-53, and CMS ARS), oversee the Assessment and Authorization (A&A) lifecycle, and maintain continuous monitoring activities to protect sensitive healthcare and beneficiary data.

The ideal candidate is a detail-oriented cybersecurity professional who thrives in a fast-paced federal environment, can balance technical depth with policy alignment, and has direct experience supporting CMS systems or contractors under the HHS umbrella.

Key Responsibilities

  • Serve as the primary point of contact for system security compliance for assigned CMS systems.
  • Manage and execute all phases of the A&A process in alignment with CMS ARS, NIST RMF, and FedRAMP baselines.
  • Maintain up-to-date System Security Plans (SSPs), Security Assessment Reports (SARs), and Plan of Action & Milestones (POA&M).
  • Coordinate with ISSMs, System Owners, and development teams to address vulnerabilities, findings, and audit actions.
  • Conduct security control assessments and risk analyses, ensuring that findings are documented and mitigated promptly.
  • Lead Continuous Monitoring (ConMon) efforts, including log review, patch management verification, and configuration management oversight.
  • Participate in internal and external audits, reviews, and CMS ISSE/ISSM briefings.
  • Ensure all documentation and artifacts align with CMS governance requirements and eCMS repositories.
  • Develop, implement, and track corrective action plans for security incidents and compliance gaps.
  • Provide guidance on secure architecture, data handling, and privacy practices in accordance with CMS policies.

Required Qualifications

  • Bachelor's degree in Information Technology, Cybersecurity, or related field (or equivalent experience).
  • 5+ years of experience in information system security, with at least 2 years supporting CMS.
  • Strong working knowledge of NIST SP 800-37, 800-53, 800-137, and CMS Acceptable Risk Safeguards (ARS).
  • Hands-on experience with A&A tools (e.g., CSAM, eMASS, or Archer GRC).
  • Proven ability to manage multiple systems in varying phases of the RMF lifecycle.
  • Experience preparing for security audits, IV&V assessments, and FISMA reporting.
  • Excellent communication and stakeholder management skills; able to bridge the gap between technical and policy stakeholders.

Preferred Qualifications

  • CISSP, CAP, or CISM certification (required within 6 months of hire if not already held).
  • Experience with cloud security (AWS, Azure GovCloud) in a CMS or federal context.
  • Knowledge of privacy and data sharing requirements under HIPAA and CMS frameworks.
  • Familiarity with CMS contractor security deliverables, eCMS documentation, and control inheritance models.