Posted 1 month ago
Secret
Mid Level Career (5+ yrs experience)
$120,000 - $130,000
Occasional travel
IT - Security
Charleston, SC (On-Site/Office)
Position Title: Information System Security Officer (ISSO)
Status: Permanent
Location: Charleston, SC or New Orleans, LA on-site
Modus21, LLC is a Charleston, South Carolina based small business and technology consulting firm specializing in solving complex business problems for global business and government clients. Our philosophy is simple – deliver quality through high performance to our clients; provide value to our clients through the ability to streamline, measure, and improve their business processes via business intelligence and business architecture; and practice professional integrity by being trustworthy and reliable. Our expertise has proven highly successful in helping organizations recognize greater value by aligning their strategy and objectives to technology and execution.
Scope of Work: The Naval Information Warfare Center Atlantic (NIWC LANT) Cloud Computing Innovation, Transformation, and Integration (CLOUD CITI) Division is tasked with providing hosting environments and platforms for Navy applications, as well as other DoD and Homeland Security (HLS) applications utilizing both Component Enterprise Data Centers (CEDCs) and Commercial Cloud Service Providers (CSPs) as hosting platforms. The Information System Security Officer (ISSO) serves as the senior cybersecurity authority within the ServiceNow as a Service (SNaaS) program under the Cloud CITI initiative. This position ensures that the SNaaS platform meets and maintains all security and compliance requirements under the Risk Management Framework (RMF) to support the program’s ATOaaS authorization.
The Security Lead functions as the primary author and custodian of all RMF security documentation and acts as the program’s representative for all governance activities — including Change Control Boards (CCB), Request for Change (RFC) processes, and cyber-related incident and risk management reviews. This role bridges the gap between technical implementation, customer security requirements, and enterprise risk management, ensuring the SNaaS platform operates securely, compliantly, and efficiently.
Responsibilities:
Security Artifact Development & Management
• Author, maintain, and version-control all RMF security documentation (e.g., SSPs, SARs, POA&Ms).
• Conduct detailed technical risk assessments for all ServiceNow version upgrades and platform changes.
• Compile and validate comprehensive evidence packages to support NIST 800-53 control compliance and eMASS submissions.
Governance & Stakeholder Engagement
• Serve as the principal technical security representative in governance forums (CCB, ISSM briefings, RMF reviews).
• Present, defend, and document all change requests and risk justifications.
• Liaise directly with enterprise RMF teams to ensure accurate and timely submission of all authorization materials.
Customer Security Request Management
• Lead the review and approval process for all customer-initiated security requests (admin access, new data types, external connections, plug-ins).
• Formulate and present the official security position for approval authorities.
Programmatic Security Integration
• Advise project managers, developers, and administrators on secure configuration and design practices.
• Oversee incident response activities and coordinate customer-facing security communications.
• Act as the “security conscience” of the SNaaS program to embed compliance across development and operations.
Requirements/Experience:
• Bachelor’s degree or Master’s degree in Cybersecurity, Engineering, or related area
• Required Certification(s): Security +, CASP, or CISSP
• Preferred Certification(s): CAP (Certified Authorization Professional), ITIL v4 Foundation, ServiceNow Certified System Administrator (CSA)
• 7+ years of hands-on cybersecurity experience with emphasis on RMF system authorization and compliance
• Proven expertise in authoring and managing full RMF packages (SSP, SAR, POA&M)
• Deep knowledge of NIST 800-53 control families and their validation process
• Experience with eMASS and governance presentation forums (e.g., CCB)
• Strong analytical capability to assess technical risks and translate findings into business term
• Experience working in a cloud environment
• Ability to operate independently in a fast-paced, high-stakes environment
• Familiarity with ServiceNow (particularly ITSM modules) preferred but not required
• Must be a US citizen
• Must hold or be able to obtain a Department of Defense (DoD) Secret Security Clearance
Status: Permanent
Location: Charleston, SC or New Orleans, LA on-site
Modus21, LLC is a Charleston, South Carolina based small business and technology consulting firm specializing in solving complex business problems for global business and government clients. Our philosophy is simple – deliver quality through high performance to our clients; provide value to our clients through the ability to streamline, measure, and improve their business processes via business intelligence and business architecture; and practice professional integrity by being trustworthy and reliable. Our expertise has proven highly successful in helping organizations recognize greater value by aligning their strategy and objectives to technology and execution.
Scope of Work: The Naval Information Warfare Center Atlantic (NIWC LANT) Cloud Computing Innovation, Transformation, and Integration (CLOUD CITI) Division is tasked with providing hosting environments and platforms for Navy applications, as well as other DoD and Homeland Security (HLS) applications utilizing both Component Enterprise Data Centers (CEDCs) and Commercial Cloud Service Providers (CSPs) as hosting platforms. The Information System Security Officer (ISSO) serves as the senior cybersecurity authority within the ServiceNow as a Service (SNaaS) program under the Cloud CITI initiative. This position ensures that the SNaaS platform meets and maintains all security and compliance requirements under the Risk Management Framework (RMF) to support the program’s ATOaaS authorization.
The Security Lead functions as the primary author and custodian of all RMF security documentation and acts as the program’s representative for all governance activities — including Change Control Boards (CCB), Request for Change (RFC) processes, and cyber-related incident and risk management reviews. This role bridges the gap between technical implementation, customer security requirements, and enterprise risk management, ensuring the SNaaS platform operates securely, compliantly, and efficiently.
Responsibilities:
Security Artifact Development & Management
• Author, maintain, and version-control all RMF security documentation (e.g., SSPs, SARs, POA&Ms).
• Conduct detailed technical risk assessments for all ServiceNow version upgrades and platform changes.
• Compile and validate comprehensive evidence packages to support NIST 800-53 control compliance and eMASS submissions.
Governance & Stakeholder Engagement
• Serve as the principal technical security representative in governance forums (CCB, ISSM briefings, RMF reviews).
• Present, defend, and document all change requests and risk justifications.
• Liaise directly with enterprise RMF teams to ensure accurate and timely submission of all authorization materials.
Customer Security Request Management
• Lead the review and approval process for all customer-initiated security requests (admin access, new data types, external connections, plug-ins).
• Formulate and present the official security position for approval authorities.
Programmatic Security Integration
• Advise project managers, developers, and administrators on secure configuration and design practices.
• Oversee incident response activities and coordinate customer-facing security communications.
• Act as the “security conscience” of the SNaaS program to embed compliance across development and operations.
Requirements/Experience:
• Bachelor’s degree or Master’s degree in Cybersecurity, Engineering, or related area
• Required Certification(s): Security +, CASP, or CISSP
• Preferred Certification(s): CAP (Certified Authorization Professional), ITIL v4 Foundation, ServiceNow Certified System Administrator (CSA)
• 7+ years of hands-on cybersecurity experience with emphasis on RMF system authorization and compliance
• Proven expertise in authoring and managing full RMF packages (SSP, SAR, POA&M)
• Deep knowledge of NIST 800-53 control families and their validation process
• Experience with eMASS and governance presentation forums (e.g., CCB)
• Strong analytical capability to assess technical risks and translate findings into business term
• Experience working in a cloud environment
• Ability to operate independently in a fast-paced, high-stakes environment
• Familiarity with ServiceNow (particularly ITSM modules) preferred but not required
• Must be a US citizen
• Must hold or be able to obtain a Department of Defense (DoD) Secret Security Clearance
group id: RTX166ecb
