Information System Security Officer

MANTECH

Today
Public Trust
Unspecified
Unspecified
IT - Security
Remote/Hybrid (Off-Site/Hybrid)

MANTECH is seeking a dedicated and experienced Senior Information System Security Officer (ISSO) to join our team in Washington, DC. This position is remote, but the candidate must live within the Washington, DC metro area.

This is a hands-on ISSO role with a primary focus on Security Controls Assessment (SCA) and Information System Continuous Monitoring (ISCM). While you will support general RMF and A&A activities, your main responsibility will be executing the high-priority ISCM program and performing hands-on security control assessments to validate control implementation and address OIG findings.

Responsibilities include but are not limited to:
  • Execute and mature the ISCM program in accordance with NIST SP 800-137.
  • Produce FISMA System Quarterly Continuous Monitoring Report(s) and maintain and update ISCM Dashboards and Reports.
  • Perform hands-on security controls assessments to validate control implementation and effectiveness.
  • Develop and deliver formal Security Assessment Plans (SAP) and Security Assessment Reports (SAR).
  • Support the Task Lead in addressing OIG findings by conducting targeted assessments and gathering evidence.
  • Review Change Request Reviews and track and report on POA&M Metrics & Reports.
  • Maintain the SA&A Project List, and assist in drafting and maintaining Standard Operating Procedures (SOP) and other A&A artifacts (RBDs, RAMs) on a best-effort basis.


Minimum Qualifications:
  • 5+ years of experience as an ISSO or in a similar cybersecurity role, with a strong background in government or DoD environments.
  • Demonstrated experience and SME-level knowledge of NIST SP 800-137 (Information System Continuous Monitoring).
  • Proven experience with the NIST RMF, including NIST SP 800-30, 800-37, 800-53, and 800-53A.
  • Demonstrated hands-on experience performing security controls assessments.
  • Experience creating Security Assessment Plans and Security Assessment Reports.
  • Experience with interpreting data from vulnerability scanning tools (e.g., Tenable, Qualys).
  • Understanding of network architectures, including SaaS, IaaS, or PaaS environments.


Preferred Qualifications:
  • 1+ years of experience with a GRC tool (such as CSAM).
  • Experience with Q-Compliance and/or Q-Audit.
  • Experience with API testing and/or scripting and automation.
  • Relevant industry certifications (e.g., CISA, CAP, CISSP, Security+).


Clearance Requirement:
  • Must be a U.S. Citizen and be able to obtain and maintain a Public Trust security clearance prior to starting this position.


Physical Requirements:
  • Must be able to remain in a stationary position 50%
  • Constantly operates a computer and other office productivity machinery, such as a calculator, copy machine and computer printer.
group id: RTX14564a
About Us
For over half a century, we have been where our clients are: land, sea, air, space and cyberspace. We collaborate across sectors and capabilities to deliver next-generation technology, tools, training and seasoned personnel.


Job Category
IT - Security
Clearance Level
Public Trust
Employer
MANTECH