Information Systems Security Officer, Isso, Authority to Operate & Compliance

At Broadway Ventures, we transform challenges into opportunities with expert program management, cutting-edge technology, and innovative consulting solutions. As an 8(a), HUBZone, and Service-Disabled Veteran-Owned Small Business (SDVOSB), we empower government and private sector clients by delivering tailored solutions that drive operational success, sustainability, and growth. Built on integrity, collaboration, and excellence, we’re more than a service provider—we’re your trusted partner in innovation. We are seeking an experienced System Security Officer (SSO) to support the CMS Review and Validation Contractor (RVC) Program. This role is responsible for ensuring all systems meet CMS business partner security requirements, including obtaining and maintaining the Authority to Operate (ATO) and participating in all phases of the Security Assessment and Authorization (SA&A) process. The SSO ensures full compliance with federal and CMS information security standards, including IOM Pub. 100-17 and the CMS Business Partner System Security Manual (BPSSM). This position may also provide security oversight for additional lines of business. Key Responsibilities • Lead efforts to obtain, maintain, and renew the Authority to Operate (ATO) for CMS systems. • Oversee and participate in the Security Assessment and Authorization (SA&A) process. • Ensure all RVC systems maintain compliance with CMS information security requirements and federal cybersecurity frameworks. • Implement and monitor adherence to the CMS Business Partner System Security Manual (BPSSM) and IOM Pub. 100-17. • Develop, manage, and enforce IT security policies, procedures, and protocols. • Conduct continuous monitoring, vulnerability assessments, and risk mitigation planning. • Prepare documentation, security artifacts, and reports for CMS audits and reviews. • Collaborate with technical teams, leadership, and CMS security personnel to ensure secure system operations. • Support security incident response, reporting, and remediation activities. • Provide subject matter expertise for additional programs or business lines as needed. Required Qualifications • Minimum 3 years of hands-on experience with IT system security policies, procedures, and practices in large organizations. • Practical experience supporting federal cybersecurity requirements, SA&A, or RMF-based compliance programs. • Strong understanding of ATO processes, federal security controls, and continuous monitoring requirements. Education & Certifications • Bachelor’s degree in an Information Technology, Cybersecurity, Computer Science, or related field from an accredited institution. • Must be a credentialed Information Systems Security Professional (e.g., CISSP, CAP, CISM*, etc.). • CISSP is most strongly aligned with CMS expectations. Preferred Skills • Experience supporting CMS, HHS, or other federal healthcare security programs. • Working knowledge of NIST RMF, FISMA, and federal cybersecurity standards. • Strong communication, documentation, and stakeholder collaboration skills. • Ability to manage multiple priorities and security initiatives simultaneously. Why Join Us • Opportunity to play a critical role in protecting systems supporting the Medicare program. • Work in a mission-driven environment focused on compliance, security, and public service. • Competitive compensation and comprehensive benefits package. How to Apply Submit your resume highlighting your ATO/SA&A experience, federal security expertise, and cybersecurity credentials. What to Expect Next: After submitting your application, our recruiting team members will review your resume to ensure you meet the qualifications. This may include a brief telephone interview or email communication with a recruiter to verify resume specifics and discuss salary requirements. Management will be conducting interviews with the most qualified candidates. We perform a background and drug test prior to the start of every new hires' employment. In addition, some positions may also require fingerprinting. Broadway Ventures is an equal-opportunity employer and a VEVRAA Federal Contractor committed to providing a workplace free from harassment and discrimination. We celebrate the unique differences of our employees because they drive curiosity, innovation, and the success of our business. We do not discriminate based on military status, race, religion, color, national origin, gender, age, marital status, veteran status, disability, or any other status protected by the laws or regulations in the locations where we operate. Accommodations are available for applicants with disabilities. Apply tot his job Apply tot his job