Job#: 3038661

Job Description:

Location: Remote out of Woodlawn, Maryland

Type: Estimated 6 month contract to hire

Pay: $55-68/hr

Apply Here: Please send your updated resume and availibility for a call to Emma at [email protected]

An opportunity is available for an Information System Security Officer (ISSO) to join a team supporting a major federal program. The selected candidate will manage activities related to system security authorization, compliance, and continuous monitoring for a complex federal environment. This role is integral to ensuring secure and compliant systems across legacy and modern cloud platforms for mission-critical efforts at the Centers for Medicare & Medicaid Services (CMS).

• Serve as the ISSO for the program, ensuring compliance with FISMA Moderate, FedRAMP Moderate, and CMS ARS 5.1 security baselines.
• Oversee the full lifecycle of the Authorization to Operate (ATO) process, including the preparation and maintenance of all Security Authorization (SA) documentation.
• Conduct risk and vulnerability assessments, track remediation activities, and ensure high standards for system security at go-live.
• Manage security incidents, ensuring timely notification and coordination with stakeholders on mitigation and reporting.
• Develop, maintain, and update security policies, procedures, and other RMF documentation consistent with federal and CMS requirements.
• Support annual and ad hoc federal security assessments, including CSRAP, CFO, and OMB A123 reviews.
• Manage POA&M entries, validate mitigation strategies, and support audit responses.
• Perform continuous monitoring activities and analyze security reports to recommend corrective actions.
• Collaborate with engineering, operations, and program management teams to integrate security into system design and modernization efforts.
• Provide subject matter expertise on NIST 800-53 controls, FedRAMP requirements, and CMS-specific security processes.

Experience:

• PLEASE NOTE: Candidates must be able to obtain and/or maintain a Public Trust clearance as a condition and continuation of employment*
• Minimum of 8 years with BS/BA; Minimum of 6 years with MS/MA; Minimum of 3 years with PhD
• Must be eligible to obtain and maintain a Public Trust Clearance.
• Demonstrated experience serving as an ISSO or similar security lead on federal programs following FISMA, NIST RMF, and FedRAMP requirements.
• Hands‑on experience developing, maintaining, and reviewing RMF documentation (SSP, SAR, POA&M, CMP, Incident Response Plan, Contingency Plan, etc.).
• Experience conducting or supporting risk assessments, vulnerability analysis, and security audits.
• Familiarity with CMS ARS 5.1, CMS ATO processes, and federal cybersecurity reporting requirements.
• Experience supporting incident response processes, including rapid notification, coordination, and reporting.
• Strong understanding of vulnerability management tools and processes (e.g., Nessus, Tenable.sc, Qualys).
• Ability to communicate clearly and effectively with both technical and non‑technical stakeholders.

Technical Skills: Familiarity with CMS ARS 5.1, CMS ATO processes, and federal cybersecurity reporting requirements. Experience with incident response processes and a strong understanding of vulnerability management tools such as Nessus, Tenable.sc, or Qualys.

Additional Requirements: Must be eligible to obtain and maintain a Public Trust clearance. United States Citizen or Lawful Permanent Resident (Green Card Holder) living in the U.S. for last 3 years.

• Ability to travel to Woodlawn, Maryland on occasion if needed
• Relevant certifications such as CISSP, CISM, Security+, CEH, or CAP.
• Previous experience supporting CMS, federal healthcare programs, or large federal IT modernization efforts.
• Experience working in hybrid environments involving legacy systems and cloud platforms (AWS/Azure) subject to FedRAMP Moderate controls.
• Familiarity with continuous monitoring processes and automation tools.
• Experience supporting external audits such as CSRAP, CFO, and OMB A-123.
• Knowledge of secure software development practices and DevSecOps concepts.

Everforth Apex is a world-class IT services company that serves thousands of clients across the globe. When you join Everforth Apex, you become part of a team that values innovation, collaboration, and continuous learning. We offer quality career resources, training, certifications, development opportunities, and a comprehensive benefits package. Our commitment to excellence is reflected in many awards, including ClearlyRateds Best of Staffing® in Talent Satisfaction in the United States and Great Place to Work® in the United Kingdom and Mexico.

Everforth Apex uses a virtual recruiter as part of the application process. Click here for more details. By applying for this job, you agree to receive calls, AI-generated calls, text messages, or emails from Everforth Apex and its affiliates, and contracted partners. Frequency varies for text messages. Message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You can reply STOP to cancel and HELP for help. You can access our privacy policy at https://www.apexsystems.com/privacy-policy

Everforth Apex Benefits Overview: Everforth Apex offers a range of supplemental benefits, including medical, dental, vision, life, disability, and other insurance plans that offer an optional layer of financial protection. We offer an ESPP (employee stock purchase program) and a 401K program which allows you to contribute typically within 30 days of starting, with a company match after 12 months of tenure. Everforth Apex also offers a HSA (Health Savings Account on the HDHP plan), a SupportLinc Employee Assistance Program (EAP) with up to 8 free counseling sessions, a corporate discount savings program and other discounts. In terms of professional development, Everforth Apex hosts an on-demand training program, provides access to certification prep and a library of technical and leadership courses/books/seminars once you have 6+ months of tenure, and certification discounts and other perks to associations that include CompTIA and IIBA. Everforth Apex has a dedicated customer service team for our Consultants that can address questions around benefits and other resources, as well as a certified Career Coach. You can access a full list of our benefits, programs, support teams and resources within our ‘Welcome Packet’ as well, which an Everforth Apex team member can provide.

Everforth Apex Systems is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Everforth Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law.

If you require an accommodation under the Americans with Disabilities Act to participate in an interview with a virtual recruiter or to use our website for a search or application, please contact our Benefits Department at [email protected] or 804-523-8228. Please note that this contact information is strictly to be used for medical ADA accommodations and that no other inquiries will be answered.

UnitedHealthcare creates and publishes the Transparency in Coverage Machine-Readable Files on behalf of Everforth Apex Systems.