Posted today
Public Trust
Mid Level Career (5+ yrs experience)
Unspecified
IT - Security
Washington, DC (On/Off-Site)
We are hiring a skilled and detail-oriented Information Systems Security Officer (ISSO) to support the continued execution and enhancement of cybersecurity and assessment & authorization (A&A) programs for a federal client. This role is ideal for a self-starter with deep knowledge of the NIST Risk Management Framework (RMF), continuous monitoring, and information assurance practices. The ISSO will provide leadership and hands-on support for the security lifecycle of enterprise systems.
New award: 5 years
Hybrid: 3 days onsite, 2 days from home
Location: 1155 21st Street, NW, Washington, D.C.
Clearance: Must be a US citizen; active Public Trust required
Key Responsibilities
Act as the primary liaison for system owners and federal stakeholders for assigned systems
Support the risk management lifecycle by identifying, tracking, and mitigating cyber risks affecting system security posture
Guide systems through the RMF process, focusing on A&A and continuous monitoring efforts
Maintain and update security authorization documentation using GRC tools (e.g., ServiceNow GRC/IRM)
Assist in implementing common control provider (CCP) programs and integrating enterprise-level cybersecurity strategies
Collaborate with security architects, engineers, and compliance teams on vulnerability assessments, risk mitigation, and system updates
Track and report on package statuses and ensure timely execution of security plans and deliverables
Provide expert insight into policy alignment with NIST, DHS, OMB, and other federal cybersecurity requirements
Required Qualifications
Education: Bachelor’s Degree in Cybersecurity, Information Technology, Computer Science, or related discipline
Certifications: One or more of the following is required: CISA, CRISC, CISM, Security+
Experience:
5+ years in cybersecurity, including at least 3+ years in a GRC, IT audit, or A&A-focused role
Hands-on experience navigating the full RMF lifecycle, including A&A and continuous monitoring
Familiarity with FedRAMP, hybrid cloud security, and multi-tenant architectures
Strong understanding of NIST standards including 800-53, 800-171, 800-137, and NIST CSF
Preferred Skills
Experience with GRC platforms such as CSAM and ServiceNow IRM
Working knowledge of vulnerability scanning tools such as Nessus, Tenable SecurityCenter, or Qualys
Familiarity with policy development and aligning to mandates from OMB, DHS, and CNSS
Strong ability to analyze and communicate risk, write compelling documentation, and manage multiple tasks concurrently
Excellent verbal, written, and presentation communication skills