Top Secret/SCI
CI Polygraph
IT - Security
Vienna, VA (On-Site/Office)
Graham Technologies is seeking a Senior Information System Security Officer (ISSO) who will support the security posture of highly sensitive information systems by developing, implementing, and maintaining robust cybersecurity programs aligned with federal regulations and organizational policies. This role ensures compliance with security standards, facilitates accreditation efforts, and mitigates risks in classified IT environments through proactive monitoring, assessment, and governance.
Location: Vienna, Virginia
Key Responsibilities:
- Security Governance and Policy Compliance
  - Identify, assess, and recommend updates to security policies, standards, and procedures to ensure alignment with federal regulations and organizational objectives.
  - Ensure compliance with our customers' security regulations, National Institute of Standards and Technology (NIST) controls, and FISMA.
  - Maintain comprehensive documentation related to security policies, procedures, standards, configurations, and incidents.
- Risk & Vulnerability Management
  - Conduct risk and vulnerability assessments to identify, evaluate, and prioritize security risks across enterprise systems.
  - Perform regular vulnerability and compliance scans; analyze findings and collaborate with stakeholders to implement mitigation strategies.
  - Configure and execute Nessus scans and interpret results for inclusion in POA&M (Plan of Actions and Milestones) and risk assessments.
- Security Operations
  - Implement and manage security controls across all network environments and information systems.
  - Design and validate security controls to support secure system architecture and configurations.
  - Operate within the NIST Risk Management Framework (RMF), supporting all six steps and ensuring continuous monitoring.
- Incident Response
  - Develop, maintain, and execute the organization's Security Incident Response Plan, including detection, containment, and recovery procedures.
  - Provide timely and detailed reporting on security events, incidents, and response efforts.
- Stakeholder Collaboration & Reporting
  - Participate in security governance boards, audits, and technical security meetings.
  - Provide management with regular reports on the organization's cybersecurity posture, risk status, compliance updates, and remediation actions.
- Security Engineering Support
  - Support the development and maintenance of ATO (Authorization to Operate) packages and related documentation.
  - Design and implement internal security policies, agency standards, and processes to enhance protection mechanisms.
Required Skills:
- Must possess active DoD Top Secret/SCI CI Poly.
- Minimum 5 years of dedicated ISSO or cybersecurity experience.
- At least one of the following certifications: CISSO, CISA, CISM, CISSP.
- Security Knowledge:
- Deep understanding of NIST, ISO 27001, and CIS Controls.
- Proven expertise in incident management, RMF (Steps 1-6), and continuous monitoring.
- Experience with vulnerability assessment tools (e.g., Nessus), SIEMs, firewalls, IDS/IPS.
- Familiarity with security technologies, encryption, and key management.
- Knowledge of Windows and Linux OS security features and hardening techniques.
- Strong grasp of network architecture, protocols, and secure system configurations.
- Hands-on experience designing, implementing, and reviewing security policies and procedures.
- Capability to manage operations in a 24/7 secure IT environment.
Compensation:
At Graham Technologies, we believe in treating everyone with fairness and respect. Our compensation package is designed to ensure fair pay for work, reflecting our commitment to integrity.
Many IT companies offer similar services, but what truly sets us apart is our people! We care deeply about our employees and consistently show our appreciation, not just for the final outcomes, but also for the effort and dedication shown every step of the way. Additionally, our generous benefits package supports our team members in living fulfilling and prosperous lives.
Here are just a few highlights of what we offer:
- Four Weeks of Accrued PTO in the First Year
- Eleven Paid Federal Holidays
- Comprehensive Health, Dental, Vision, and Life Insurance
- 401(k) Plan with Annual Employer Contributions
- Flexible Schedules
- Reimbursements for Continued Education and Training
Why Graham Technologies?
Our core values define who we are:
- Value our Customers
- Care about our Employees
- Passionate about Innovation
- Believe in a Strong Work Ethic
- Rely on Teamwork
- Integrity Matters
Founded in 2007, GTech is a consulting services firm passionate about delivering tailored solutions that meet our clients' needs and maximize the value of their investments. We achieve this by providing top-notch professionals across the IT industry. Our team embodies integrity, commitment, and reliability, which are at the heart of everything we do.
We are also dedicated to fostering a culture of support for our employees, the lifeblood of our business. At Graham Technologies, we've built a family-oriented environment where team members are encouraged to maintain a healthy work-life balance, pursue their passions, and grow professionally through flexible schedules, continued education, and a strong sense of community.