Bachelor's degree in Cybersecurity, Information Technology, or related field
10+ years of experience in ISSO, cybersecurity compliance, or risk management roles
Experience managing POAMs in federal environments
Strong knowledge of NIST RMF, FISMA, and federal compliance frameworks
Requirements:
Develop, manage, and maintain POAMs for audit findings, vulnerabilities, and security deficiencies; track remediation from identification through closure
Coordinate with system owners, engineers, SOC teams, and stakeholders to resolve POAM items; review corrective actions for effectiveness and federal compliance
Maintain POAM tracking in systems such as ServiceNow and audit platforms; provide regular reporting and dashboards on POAM status, risk posture, overdue items, and remediation trends
Support audits and risk management activities, including NFRs, risk acceptance processes, continuous monitoring, and alignment with NIST RMF and FISMA
Job description
cFocus Software seeks a POA&M Manager / Sr. ISSO to join our program supporting Housing and Urban Development (HUD). This position is remote. This position requires a Public Trust clearance. Qualifications:
Bachelor’s degree in Cybersecurity, Information Technology, or related field.
10+ years of experience in ISSO, cybersecurity compliance, or risk management roles.
Experience managing POA&Ms in federal environments.
Strong knowledge of NIST RMF, FISMA, and federal compliance frameworks.
Duties:
Develop, manage, and maintain POA&Ms for audit findings, vulnerabilities, and security deficiencies.
Track remediation activities from identification through closure, ensuring accountability and timeliness.
Coordinate with system owners, engineers, SOC teams, and stakeholders to resolve POA&M items.
Review and validate corrective actions to ensure effectiveness and compliance with federal standards.
Support audit activities by documenting findings, preparing responses, and maintaining audit evidence repositories.
Track and manage Notice of Findings and Recommendations (NFRs) and ensure remediation is documented and completed.
Maintain POA&M tracking within systems such as ServiceNow and audit tracking platforms.
Provide regular reporting on POA&M status, risk posture, overdue items, and remediation trends.
Develop and maintain audit dashboards and reports reflecting compliance status and remediation progress.
Support risk acceptance processes and coordinate documentation for residual risk decisions.
Ensure POA&Ms align with NIST RMF, FISMA, and federal cybersecurity mandates.
Participate in continuous monitoring activities, including vulnerability management and control assessments.
Assist in preparation and execution of FISMA and financial system audits.
Serve as a liaison between auditors and technical teams to ensure timely and accurate responses.
Conduct follow-up assessments to validate sustained compliance after remediation efforts.
