
Information Systems Security Officer – ATO, Compliance
Simsy Ventures
full-time
Posted on:
Location Type: Remote
Location: Remote • 🇺🇸 United States
Job Level
Mid-Level, Senior
Tech Stack
Cyber Security
About the role
- Lead efforts to obtain, maintain, and renew the Authority to Operate (ATO) for CMS systems.
- Oversee and participate in the Security Assessment and Authorization (SA&A) process.
- Ensure all RVC systems maintain compliance with CMS information security requirements and federal cybersecurity frameworks.
- Implement and monitor adherence to the CMS Business Partner System Security Manual (BPSSM) and IOM Pub. 100-17.
- Develop, manage, and enforce IT security policies, procedures, and protocols.
- Conduct continuous monitoring, vulnerability assessments, and risk mitigation planning.
- Prepare documentation, security artifacts, and reports for CMS audits and reviews.
- Collaborate with technical teams, leadership, and CMS security personnel to ensure secure system operations.
- Support security incident response, reporting, and remediation activities.
- Provide subject matter expertise for additional programs or business lines as needed.
Requirements
- Minimum 3 years of hands-on experience with IT system security policies, procedures, and practices in large organizations.
- Practical experience supporting federal cybersecurity requirements, SA&A, or RMF-based compliance programs.
- Strong understanding of ATO processes, federal security controls, and continuous monitoring requirements.
Benefits
- Competitive compensation and comprehensive benefits package.
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
IT security policies, security assessment, authorization processes, vulnerability assessments, risk mitigation planning, continuous monitoring, security documentation, security artifacts, incident response, compliance programs
Soft skills
collaboration, leadership, communication