ISSO

ASRC Federal is a leading government contractor furthering missions in space, public health and defense. As an Alaska Native owned corporation, our work helps secure an enduring future for our shareholders. Join our team and discover why we are a top veteran employer and Certified Great Place to Work™

ASRC Federal is looking for an Information Systems Security Officer (ISSO) responsible for ensuring the confidentiality, integrity, and availability of information systems by implementing and maintaining security controls in compliance with organizational policies, federal regulations, and industry standards. The ISSO serves as a key member of the cybersecurity team, overseeing the security posture of assigned systems, conducting risk assessments, and ensuring compliance with frameworks such as NIST, FISMA, and FedRAMP.

Hybrid work schedule (onsite at least 3 days a week, Washington, DC)

Responsibilities:

• System Security Management:
• Develop, implement, and maintain System Security Plans (SSPs) for assigned information systems.
• Monitor and evaluate system security controls to ensure compliance with organizational and regulatory requirements.
• Conduct regular security assessments, vulnerability scans, and audits to identify and mitigate risks.
• Risk Assessment and Mitigation:
• Perform risk assessments and develop risk mitigation strategies in accordance with NIST 800-53 or other applicable standards.
• Coordinate with system owners and stakeholders to address security vulnerabilities and implement corrective actions.
• Maintain Plan of Actions and Milestones (POA&M) to track and resolve security weaknesses.
• Compliance and Reporting:
• Ensure systems comply with federal regulations (e.g., FISMA, FedRAMP) and organizational policies.
• Prepare and submit security documentation, including Authorization to Operate (ATO) packages, to authorizing officials.
• Provide regular reports on system security status, incidents, and compliance to leadership and auditors.
• Incident Response and Recovery:
• Support incident response activities, including identification, containment, and remediation of security incidents.
• Document and report security incidents in accordance with organizational incident response plans.
• Participate in tabletop exercises and post-incident reviews to improve security processes.

Required Skills:

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent experience).
• 10+ years of experience in cybersecurity, information assurance, or a related field.
• Experience with security frameworks such as NIST 800-53, FISMA, and FedRAMP.
• Prior experience as an ISSO or in a similar role supporting system security authorization processes.
• Certifications:
• Preferred certifications include CISSP, CISM, CompTIA Security+, CAP, or other relevant cybersecurity certifications.
• Skills and Abilities:
• Strong knowledge of cybersecurity principles, risk management, and security controls.
• Proficiency in security tools (e.g., Nessus, Splunk, or similar).
• Excellent analytical, problem-solving, and communication skills.
• Ability to work independently and collaboratively in a fast-paced environment.
• Clearance: Ability to obtain a DOE Q Clearance

We invest in the lives of our employees, both in and out of the workplace, by providing competitive pay and benefits packages. Benefits offered may include health care, dental, vision, life insurance; 401(k); education assistance; paid time off including PTO, holidays, and any other paid leave required by law.

EEO Statement

ASRC Federal and its Subsidiaries are Equal Opportunity employers. All qualified applicants will receive consideration for employment without regard to race, gender, color, age, sexual orientation, gender identification, national origin, religion, marital status, ancestry, citizenship, disability, protected veteran status, or any other factor prohibited by applicable law.