Role Description The Information System Security Officer (ISSO) will be responsible for ensuring the security and compliance of the HHS ACL EITS systems. The ISSO will work closely with the program team to manage and maintain the security posture of information systems, ensuring compliance with federal guidelines such as FISMA, NIST, and other regulatory frameworks. The ISSO will be instrumental in identifying security risks, implementing mitigation strategies, and performing continuous monitoring to maintain a secure operational environment. Responsibilities - Ensure that all HHS ACL EITS systems are in compliance with federal security standards, including FISMA, NIST 800-53, and other relevant federal regulations. - Manage the development, review, and approval of security authorization packages in accordance with the Risk Management Framework (RMF). - Conduct regular security risk assessments and develop risk mitigation strategies. - Oversee and document the development and implementation of security measures across systems. - Track and manage system vulnerabilities and security risks using tools such as vulnerability scanners and other monitoring tools. - Develop, update, and maintain System Security Plans (SSPs). - Lead efforts in continuous monitoring of information systems, ensuring that security controls are operating effectively and adjusting as necessary based on findings from audits or assessments. - Lead the incident response efforts for any security breaches or incidents within the program. - Report security incidents in a timely manner to stakeholders and provide recommendations for resolving the issues. - Work closely with Authorizing Officials (AOs) to ensure that all systems within the program are properly accredited and authorized to operate. - Ensure the security authorization process follows NIST RMF requirements, including developing security documentation, performing security testing, and ensuring corrective actions are implemented. - Develop and deliver security training and awareness programs for staff to ensure compliance with security protocols and federal guidelines. - Work with the program's stakeholders to communicate security requirements and foster a security-conscious culture. - Other duties as assigned. Qualifications - Bachelor’s degree in information technology, Cybersecurity, or additional experience in lieu of a degree. - 5+ years of experience in cybersecurity, information assurance, or a related field, preferably within a federal environment. - Certified Information Systems Security Professional (CISSP), or equivalent experience and knowledge commiserate with certification requirements. - US Citizenship and ability to successfully pass Public Trust Background Investigation is required. Preferred Qualifications - 5+ years of experience in security architecture, security assessment, or a related cybersecurity role within a federal or government environment. - Successfully pass background and drug screening. Knowledge, Skills, and Abilities - Certified Information Security Manager (CISM) preferred. - Certified Information Systems Auditor (CISA) preferred. - Proven experience with FISMA, NIST RMF, and FedRAMP controls. - Strong understanding of security frameworks (NIST, FISMA, etc.). - Proficient with security tools, such as vulnerability scanners, security incident event management (SIEM) systems, and intrusion detection systems (IDS). Benefits - Broad range of benefits offered to team members. - Opportunities for professional development and skill sharpening. - Supportive culture that encourages team members to do their best work. - Well-being programs to maintain a healthy work-life balance. - Focus on corporate citizenship and positive social impact in communities. Teleworking Details - 100% remote. Estimated Salary/Wage - Up to USD $140,000.00/Yr.

• Develops, tests, implements, and integrates Identity and Access Management (IAM) systems and solutions. • Performs basic integration testing of systems. • Executes engineering tasks to ensure that solutions protect information resources against unauthorized use, inappropriate degrees of access, disclosure, damage and/or loss. • Leverages problem solving and data analysis skills to ensure projects deliver on time. • Troubleshoots and manages the resolution of issues related to identities, systems, access, accounts, authentication, authorization, entitlements, and permissions. • Determines and recommends the most appropriate response to identified more complex problems, issues and/or defects by assessing impact and prioritization. • Executes maintenance, patching, operating, and monitoring of IAM systems. • Troubleshoots, supports and resolves system incidents, problems and changes, as required. • Facilitate the continuous adoption, training, communication, and education of IAM capabilities, functions, and standards. • Utilizes and refines reusable strategies, decisions, service components, libraries and frameworks to support enterprise-level IAM services. • Maintains awareness and knowledge of current changes within legal, regulatory, and technology environments which may affect operations. • Ensures senior management and staff are informed of any changes and updates in a timely manner. • Establishes and maintains appropriate network of professional contacts. • Maintains membership in appropriate professional organizations and publications. • Attends meetings, seminars and conferences and maintains continuity of any required or desirable certifications, if applicable.

• Join a team of high character, high talent individuals • Design, deploy and optimize innovative technical controls to detect and prevent security incidents • Engineer custom detection logic, integrate threat intelligence, automate with SOAR, and design Agentic AI security operations playbooks • Contributed or lead incident response efforts, including tabletop exercises • Collaborate across teams to integrate security best practices into products and processes • Conduct thesis-driven threat hunts across forensic data lakes • Continuously research the threat landscape and commit to your professional self-deployment with guaranteed work time and training budget • This position includes rotational on-call responsibilities; Not brutal-the workload is reasonable and shared across the team

• Advise on and assess the security posture of AI/ML systems, including LLMs, GenAI pipelines, and model serving infrastructure • Lead threat modeling exercises specific to AI workloads • Advise internal teams on securely integrating SaaS AI services and APIs • Evaluate and recommend controls for data ingestion pipelines, RAG architectures, and vector databases • Serve as a trusted security advisor bridging business stakeholders, AI/ML engineers, IT operations, and information security teams • Continuously track emerging AI security research, adversarial techniques, regulatory developments, and vendor security advisories • Produce and maintain security architecture documentation, risk assessments, control frameworks, and guidelines tailored to the organization's AI environment • Contribute to the development of a long-term AI security strategy • Develop and deliver training and awareness content for technical and non-technical stakeholders on AI-specific risks