Octave Technologies Corporation

Information System Security Officer

Octave Technologies Corporation, Washington, District of Columbia, US, 20022

About us:
At Octave we take great pride in serving the government mission and the citizens of our country. We provide digital services to the US federal government including agile software development, human centered design, cloud services, data analytics, AI/ML. We are a purpose-driven organization that puts employees first. We support a work culture that is fun, friendly and creative.

The Role:
We are seeking an experienced Information System Security Officer (ISSO) to support a large-scale IT modernization project for the Centers for Medicare & Medicaid Services (CMS). The ISSO will play a critical role in ensuring that security requirements are integrated throughout the system development lifecycle, and that all activities comply with CMS ARS, FISMA, NIST 800-53, and FedRAMP guidelines.

This hire is contingent upon contract award. This is a hybrid position requiring 3 days / week in office, and the candidate must reside in the Washington DC/Baltimore metropolitan area.

Responsibilities:
- Serve as the primary security liaison between the project team and CMS security stakeholders.
- Lead the development and maintenance of system security documentation, including System Security Plans (SSP), Security Assessment Reports (SAR), Plan of Action and Milestones (POA&M), and Contingency Plans.
- Support Authority to Operate (ATO) efforts and annual security assessments in collaboration with the CMS ISSO and security assessors.
- Conduct risk assessments and implement mitigation strategies in coordination with the DevSecOps and engineering teams.
- Monitor security controls using continuous monitoring tools and practices; respond to security incidents and vulnerability findings.
- Ensure compliance with CMS policies, the CMS Acceptable Risk Safeguards (ARS), and NIST SP 800-37 Risk Management Framework (RMF).
- Work closely with developers, engineers, and cloud architects to advise on secure implementation of cloud services and infrastructure (e.g., AWS, Azure).
- Participate in Technical Review Board (TRB) and Change Control Board (CCB) meetings.
- Support documentation for CMS audits and data calls.

Qualifications:
- U.S. Citizenship
- 5+ years of ISSO experience supporting federal government programs
- Deep knowledge of NIST 800-53, FISMA, FedRAMP, and CMS ARS
- Experience supporting Authority to Operate (ATO) processes and developing Risk Management Framework (RMF) documentation
- Strong understanding of cloud security in federal environments
- Excellent communication skills and the ability to interact with stakeholders across technical and non-technical disciplines

Preferred Qualifications:
- Experience supporting CMS or other HHS Operating Divisions
- Familiarity with CMS security tools (e.g., Nessus, Qualys, Splunk)
- Active Security+ or CISSP certification
- Experience with Agile or DevSecOps environments
- Working knowledge of CDM, TIC 3.0, and Zero Trust Architecture principles

Education:
Bachelor's degree in a related field (e.g., Computer Science, Engineering).

Benefits:
- Comprehensive Health insurance with Medical, Dental and Vision coverage
- 401K retirement plan with immediate vesting of employer match
- Paid Time Off (PTO)
- Basic Life Insurance - Fully funded by employer
- Fringe benefits

Hiring practices:
Octave Technologies is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. We participate in E-Verify. Upon hire, we will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the U.S. This role is required to work from the contiguous United States.
