Information Systems Security Officer (ISSO)

The Information Systems Security Officer (ISSO) plays a critical role in ensuring the secure operation of federal information systems. This position requires deep technical and procedural knowledge to guide systems through the full lifecycle of the Risk Management Framework (RMF), ensuring compliance with NIST, FISMA, FedRAMP, and agency-specific guidelines.
Key Responsibilities:

• Lead and execute all seven steps of the RMF process (Prepare, Categorize, Select, Implement, Assess, Authorize, Monitor) from cradle to grave.
• Define RMF components and articulate their relevance in federal cybersecurity operations.
• Provide strategic insight into the 'why' behind each RMF step to align with compliance and risk management goals.
• Apply technical acumen to understand system architecture and security controls, offering accurate guidance and troubleshooting.
• Conduct impact analysis and translate technical findings into actionable risk-based recommendations for decision-makers, including CISA.
• Maintain and update security documentation including SSPs, POA&Ms, SARs, and ISCPs.
• Coordinate with system owners, administrators, and external agencies to ensure secure system interconnectivity and compliance.
• Support continuous monitoring activities including vulnerability scanning, configuration management, and incident response.
• Participate in configuration control boards and assess the security impact of system changes.
• Assist in developing and maintaining security policies and procedures throughout the system lifecycle.

Preferred Qualifications:

• Bachelor's or Master's degree in Computer Science, Information Systems, Cybersecurity, or related field.
  
  • Associate's degree → +3 years experience to meet a Bachelor's degree requirement
• Minimum of 10 years of experience in IT or Information Security.
• DOD 8570 Level I certification or ability to obtain within six months.
• Experience with FedRAMP packages and cloud security configurations (AWS, Azure).
• Background in system administration to support technical understanding of environments.

TS/SCI with polygraph is required.