Posted today
Secret
Senior Level Career (10+ yrs experience)
Unspecified
IT - Security
Arlington, VA (On-Site/Office)•Merrifield, VA (On-Site/Office)
Job Summary:
The Information Systems Security Officer (ISSO) is responsible for ensuring the secure operation of assigned information systems in compliance with organizational policies, client requirements, and federal cybersecurity standards such as NIST, FISMA, FedRAMP, and RMF. The ISSO supports authorization and assessment activities, maintains continuous monitoring programs, and responds to incidents to safeguard the confidentiality, integrity, and availability of systems and data.
Serving as the principal advisor to the Information System Owner (ISO) and the Chief Information Security Officer (CISO), the ISSO provides subject matter expertise on all security matters related to assigned systems. This includes supporting the development and maintenance of security documentation, coordinating with technical staff and external partners, and ensuring that security controls remain effective throughout the system lifecycle. The ISSO plays a central role in authorization activities (RMF Steps 1–6), ensuring that information systems remain compliant, resilient, and aligned with federal and agency policy.
Duties and Responsibilities:
1. The ISSO ensures compliance with cybersecurity standards and manages system risk.
• Ensure assigned systems comply with NIST, FISMA, FedRAMP, and agency frameworks, regulations, and guidance.
• Conduct risk assessments and support the development of mitigation plans.
• Assist in the creation and validation of System Security and Privacy Plans (SSPPs).
• Validate security control implementation in accordance with RMF requirements.
• Support the Assessment and Authorization (A&A) process.
2. The ISSO supports developing, maintaining, and managing security documentation and reporting.
• Prepare and maintain SSPs, SARs, POA&Ms, ISCPs, IRPs, CMPs, and related artifacts.
• Track and manage POA&Ms to address vulnerabilities and deficiencies.
• Generate system security status reports and metrics for leadership and auditors.
• Ensure documentation is accurate, current, and aligned with agency requirements.
3. The ISSO conducts security monitoring and supports incident response activities.
• Conduct system log reviews and monitor system activity for abnormal behavior or potential compromise.
• Review, analyze, and report on vulnerability and compliance scan results.
• Ensure continuous monitoring of implemented security controls.
• Participate in incident response activities, including investigation, reporting, and after-action documentation.
4. The ISSO coordinates with stakeholders and communicates system security requirements.
• Collaborate with ISOs, ISSMs, system administrators, engineers, and other stakeholders.
• Serve as a liaison with auditors, assessors, and external agencies during reviews.
• Provide security training and awareness to system owners & users as needed.
• Support contingency planning, testing, and disaster recovery activities.
5. The ISSO assists in developing, recommending, and validating security policies and procedures.
• Contribute to the development and review of cybersecurity policies and procedures.
• Ensure systems are operated, maintained, and disposed of in compliance with policy.
• Support supply chain risk management requirements and validate use of third-party software.
6. The ISSO supports system security throughout the full system development lifecycle.
• Provide advice on security requirements and architecture during design, development, and deployment for on-premises, hybrid, and cloud systems.
• Ensure controls remain effective through operations, sustainment, and system disposal.
7. The ISSO reviews, recommends, and validates configuration and change management requests for assigned systems.
• Participate in Configuration Control Boards (CCBs).
• Review and assess the security impact of proposed system changes.
• Ensure security reviews are documented and follow established policy.
8. The ISSO fulfills general responsibilities to ensure compliance and support oversight.
• Maintain positive working relationships with technical teams and stakeholders.
• Ensure security authorization and assessment activities are executed in accordance with policy and procedures.
• Support development of BIAs, PIAs, ISAs, and MOUs/A as required.
• Maintain current information in the client's Assessment & Authorization (A&A) tool (e.g., JCAM).
• Participate in security audits, assessments, and exercises.
• Report incidents, risks, and issues to ISSMs, CISOs, and other stakeholders.
• Complete required annual training and certifications.
• Support other duties as assigned by ISSMs or the CISO.
Basic Qualifications:
• A Master’s degree in any of the following disciplines (Information Technology, Cybersecurity, Data Science, Information Systems, or Computer Science) from an ABET-accredited or CAE-designated institution fulfills the educational requirement for this WRC.
• One-and-one-half (1.5) years of additional experience can substitute for one (1) year of a typical degree program.
• Minimum 10 years of experience in Information Technology (IT) and/or Information Security (IS).
• DoD 8140 certification for their respective area or the ability to obtain certification within six (6) months of onboarding.
• Active Secret Security Clearance
Preferred Qualifications:
• Security Control Assessor intermediate certifications:
  • CCISO, CISSP, or CISSP-ISSEP
  • CISA or CISM
  • CPTE or CySA+
  • FITSP-A
  • GCSA, GSLC, or GSNA
• Information System Security Manager (ISSM) certifications:
  • SASP, SSCP
  • CCISO, CCSP, CISSP-ISSMP
  • CGRC/CAP
  • CISM
  • CompTIA: Cloud+, Security+ CE, Security X
  • FITSP-M
  • SANS: GCIA, GCIH, GCSA, GICSP, GSEC, or GSLC