ISSO- Top Secret Clearance- DHS

Zachary Piper Solutions is seeking an ISSO to manage all aspects of security for assigned National Security Systems (NSS) to ensure the data stored, processed, and transmitted by the assigned system(s) is protected in accordance with the appropriate Agency policies and NIST 800-53 security controls. This position is fully onsite in Bluemont, VA.

Active Top Secret Clearance Required

Responsibilities

• Assess DHS NSS systems and provide recommendations for mitigating cyber risk.
• Utilize National Security Cyber Division (NSCD)-authorized tools to track compliance activities, approvals, and reporting.
• Create business-focused compliance reports detailing mission impact, asset evaluations, risk recommendations, and mitigation plans.
• Maintain documentation for all NSS compliance activities, including CISO and I&A requests.
• Monitor and review POAMs to ensure timely mitigation and closure.
• Analyze continuous monitoring, configuration management, vulnerability management, asset management, software management and self-reported data to identify risk and work with System Teams to develop a plan to mitigate security risk for assigned system(s).
• Provide analysis and feedback on security artifacts (SSPs, CPs, MOUs, MOAs, ISAs).
  • Provide analysis and feedback on DHS security artifacts when assigned to NSCD, to include but not limited to Memorandum of Understandings (MOU), Memorandum of Agreements (MOA), and Interconnection Security Agreements (ISA).
• Support internal and external audits (e.g., FISMA, GAO, OIG).
  • Provide responses in support of audits related to cybersecurity, including but not limited to FISMA Audits, Internal Control audits of Financial Systems, and external audit requests received from entities such as the General Accountability Office (GAO) or Office of the Inspector General (OIG).
• Compile data to support analysis and reporting in support of cyber risk compliance activities and activities stemming from Cybersecurity Supply Chain Risk Management (CSCRM).
• Create and maintain documentation from all NSS-related compliance activities, to include any incoming Chief Information Security Officer (CISO) and Information and Analysis (I&A) requests for information.

Basic Qualifications

• Must have at least one of these certifications - CISSP or CISA
• Must have Top Secret clearance and ability to obtain agency specific suitability.
• 5 years of related experience with Bachelor's degree or 8 years of overall related experience in a relevant field
• 1 year of experience assessing security controls in accordance with NIST 800-53 in/ in support of the Federal Government to include evaluating and validating security controls for NSS systems.
• 3 years of experience as an Information System Security Office (ISSO) in/ in support of the Federal government, developing and maintaining comprehensive System Security Plans (SSPs) (Sections 1 & 2), Contingency Plans (CPs), Contingency Plan Tests (CPTs), Privacy Impact Assessments (PIAs), and Privacy Threshold Analyses (PIA), and Business Impact Assessments (BIAs). In accordance with NIST guidance.
• 1 year of experience with NIST SP 800-53, 800-37, CNSSI 1253, DHS 4300A/B
• 3 years' experience documenting POA&Ms and managing the entire POA&M lifecycle, from open to closure.
• 3 years' experience executing continuous monitoring activities, including those supporting vulnerability management and configuration management.
• 3 years' experience with government GRC tools such as Archer, IACS, CSAM, etc.

Preferred Qualifications

• 2 years of experience assessing security controls in accordance with NIST 800-53 in/ in support of the Federal Government to include evaluating and validating security controls for NSS systems.
• 5 years of experience as an Information System Security Office (ISSO) in/ in support of the Federal government, developing and maintaining comprehensive System Security Plans (SSPs) (Sections 1 & 2), Contingency Plans (CPs), Contingency Plan Tests (CPTs), Privacy Impact Assessments (PIAs), and Privacy Threshold Analyses (PIA), and Business Impact Assessments (BIAs). In accordance with NIST guidance.

Compensation:

$150,000 - $160,000 ** depending on experience and degree**

Full Benefits -Medical, Dental, Vision, 401K, Paid Holidays, PTO, Sick Leave if required by law

This job opens for applications on 10/20/2025. Applications for this job will be accepted for at least 30 days from the posting date

#LI-Onsite

#LI-GC2

Key words: Information Assurance, IA, Risk Management Framework, RMF, Security Authorization, A&A, Continuous Monitoring, Security Controls Assessment, SCA, Incident Response, Vulnerability Management, Security Compliance, security, ISSO, information systems security officer, ISSM, ISSE, information systems security manager, information systems security expert, System Security Plan, SSP, Plan of Action and Milestones, POA&M, NIST, NIST SP 800-53, 800-37, 800-171, FISMA, Compliance, STIGs, Security Technical Implementation Guides, SIEM, Splunk, ArcSight, cyber, cybersecurity, cyber security, CISSP, CISA, DHS, Department of Homeland security, Archer, CSAM, National Cyber Security Division, NCSD, NSS, National Security systems, Network Security, Endpoint Protection, Encryption Standards, Firewalls, IDS, IPS, Cloud Security, AWS, Azure, FedRAMP, ), Contingency Plans, CPs, Contingency Plan Tests, CPTs, Privacy Impact Assessments, PIAs, Privacy Threshold Analyses, PIA, Business Impact Assessments, BIAs