Senior Security Engineer
Oddball
full-time
Location Type: Remote
Location: United States
Salary
💰 $120,000 - $165,000 per year
About the role
- Serve as the system Security Manager / ISSO for My HealtheVet and act as the primary security point of contact for internal leadership and VA stakeholders
- Establish and maintain a comprehensive security program aligned with FISMA, NIST RMF, NIST SP 800-53 Rev. 5 (High baseline), HVA guidance, and VA cybersecurity policy (VA 6500 series)
- Lead ATO, reauthorization, and Continuous Monitoring (ConMon) activities, including assessment planning, evidence management, and package quality control
- Coordinate audits, assessments, and required security testing activities, including control assessments and penetration testing
- Drive a risk-based security approach appropriate for a FISMA High / HVA system
- Identify, document, prioritize, and track security and privacy risks through POA&Ms, ensuring remediation actions are measurable and tracked to closure
- Perform and document system risk assessments, security impact analyses, and privacy-related assessments
- Ensure system security documentation remains current, accurate, and defensible for audits and oversight reviews
- Oversee vulnerability management activities including triage, prioritization, remediation coordination, validation, and reporting
- Integrate enterprise security initiatives (e.g., CDM-related reporting where applicable) into system risk tracking and POA&Ms
- Support secure configuration, hardening, and ongoing control effectiveness monitoring
- Coordinate incident response activities, including investigation support, escalation, documentation, and communication with VA security operations and CISO teams
- Ensure incident response playbooks, reporting thresholds, and escalation paths are documented and exercised
- Support after-action reviews and ensure lessons learned are translated into corrective actions
- Oversee privileged and non-privileged access governance, enforcing least privilege, role-based access, and need-to-know principles
- Ensure onboarding/offboarding controls, periodic access reviews, and MFA requirements are implemented and monitored
- Support governance and monitoring of privileged access activity consistent with high-impact system expectations
- Prepare and maintain security and authorization artifacts, including SSPs, assessment evidence, POA&Ms, risk acceptance documentation, and ConMon deliverables
- Provide regular reporting to leadership on authorization status, risk posture, open findings, and remediation progress
- Partner with Privacy, FOIA, and Records stakeholders to support breach documentation, consent and data-handling documentation, and incident records
- Deliver or coordinate security and privacy awareness activities for engineers, staff, and contractors supporting My HealtheVet
- Brief leadership on emerging threats, HVA-specific risks, and recommended mitigations, translating technical risk into mission impact
- Track emerging threats relevant to healthcare and high-value federal systems (e.g., ransomware, supply chain risk) and drive implementation of safeguards
- Lead remediation efforts for findings from oversight bodies such as OIG, GAO, and external assessors
Requirements
- 5+ years of experience in IT and cybersecurity, including experience supporting federal systems operating at FISMA Moderate or High
- Strong working knowledge of FISMA, HVA expectations, NIST RMF, and NIST SP 800-53 Rev. 5 (High baseline)
- Hands-on experience managing ATO, reauthorization, and Continuous Monitoring activities
- Experience producing and maintaining federal security documentation (SSP, POA&Ms, assessment artifacts, SAR support)
- Familiarity with privacy and security requirements relevant to federal healthcare systems and protection of sensitive data
- Experience with vulnerability management workflows and security monitoring outputs (e.g., scan results, SIEM dashboards)
- Understanding of Zero Trust concepts, cloud security considerations, and secure SDLC / DevSecOps practices
- Strong written and verbal communication skills, with the ability to brief senior stakeholders and produce audit-ready documentation
- Performs other related duties as assigned
Benefits
- Fully remote
- Tech & Education Stipend
- Comprehensive Benefits Package
- Company Match 401(k) plan
- Flexible PTO, Paid Holidays
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
FISMA, NIST RMF, NIST SP 800-53 Rev. 5, ATO management, Continuous Monitoring, risk assessments, vulnerability management, security documentation, Zero Trust concepts, secure SDLC
Soft skills
communication skills, leadership, organizational skills, briefing senior stakeholders, problem-solving, collaboration, attention to detail, analytical thinking, adaptability, incident response