Senior Information System Security Officer (ISSO) (Cybersecurity Analyst III)

Karthik Consulting, LLC

Posted today

Job Requirements

Washington, DC
Clearance: Public Trust
Polygraph: not specified
Senior Level Career (10+ yrs experience)
Salary not specified

Job Description

For more than a decade, Karthik Consulting has been a reliable and trusted advisor to our Government customers, providing independent and unbiased recommendations and solutions to mitigate risk and help solve IT issues. We bring the innovation, passion, and agility of the commercial sector to meet the unique challenges of this competitive space.

Karthik Consulting is seeking a Senior Information System Security Officer (ISSO) (Cybersecurity Analyst III) with the below skillset.

Senior Information System Security Officer (ISSO) (Cybersecurity Analyst III)
Full-time with Karthik Consulting
Location: Washington, DC
Clearance: Public Trust


Program Description:
The IT CSSS program provides information security support to the Federal Bureau of Prisons Information Technology & Data Division and other DOJ components as required. The program supports BOP obligations to protect federal information systems under FISMA, OMB Circular A-130, the Privacy Act, NIST RMF guidance, DOJ policy, and related cybersecurity requirements.

Program Scope:
The program covers ATO maintenance and rapid ATO activities, RMF lifecycle support, JCAM-based authorization management, FISMA/FISCAM audit support, security architecture and engineering support, vulnerability and risk management, privacy documentation, FedRAMP assessment support, continuous monitoring, and coordination with BOP system owners, CORs, AOs, and technical stakeholders.


Key Responsibilities:

RMF and ATO Lifecycle Support
• Develop, maintain, and assess SA&A packages supporting ATO, re-ATO, ongoing authorization, and rapid authorization activities for BOP information systems.
• Support RMF preparation, categorization, control selection, implementation, assessment, authorization, and continuous monitoring in accordance with DOJ and BOP requirements.
• Use JCAM and government processes to document system registration, categorization, control baselines, authorization status, and required ATO artifacts.
• Assemble authorization packages, including SSPP/SSP artifacts, SARs, POA&Ms, residual risk reports, risk analysis reports, executive briefings, and authorization documentation.

Security Control Assessment and Documentation
• Develop and maintain assessment plans, control documentation, implementation statements, test evidence, and assessment results.
• Assess security and privacy controls against NIST SP 800-53, DOJ Cybersecurity Standards, BOP policy, and applicable federal guidance.
• Identify documentation gaps, validate evidence, and coordinate corrective actions with system owners, engineers, assessors, and government stakeholders.
• Update SSPP/SSP, SAR, POA&M, contingency plan, incident response plan, configuration management plan, privacy, and supporting artifacts as system conditions change.

Risk, POA&M, and Continuous Monitoring
• Track and report cybersecurity risks, vulnerabilities, weaknesses, and remediation activities through POA&M closure, risk acceptance, or corrective action.
• Support ongoing authorization by monitoring system and environment changes, initiating security and privacy impact analysis, and updating artifacts as required.
• Prepare security and privacy status reporting on system security posture, major risks, vulnerability status, POA&M progress, and key authorization activities.
• Coordinate with vulnerability management, SIEM, compliance, configuration management, and technical teams to collect evidence and support near real-time risk management.

Stakeholder Coordination and Reporting
• Coordinate with BOP system owners, CORs, AOs, SCOP/privacy officials, assessors, technical teams, and contractor leadership to resolve authorization risks.
• Prepare cybersecurity briefings, risk summaries, status updates, and decision support materials for government stakeholders and program leadership.
• Support monthly status reporting by documenting completed activities, deliverables, risks, issues, corrective actions, and staffing or performance considerations.
• Provide senior-level cybersecurity guidance regarding SA&A readiness, ATO package quality, risk communication, and compliance expectations.


Qualifications

Education
• Bachelor’s degree required.
• Degree in cybersecurity, information systems, computer science, information technology, management information systems, or a related discipline preferred.

Professional Certifications
Candidate must possess at least one of the following required certifications:
• CISA - Certified Information Systems Auditor.
• CRISC - Certified in Risk and Information Systems Control.
• CISSP - Certified Information Systems Security Professional.
• CGRC - Certified in Governance, Risk and Compliance.



Minimum Qualifications
• Minimum of seven (7) years of cybersecurity experience.
• Minimum of six (6) years developing, maintaining, and assessing SA&A packages resulting in an ATO for IT systems.
• Experience supporting RMF, ATO maintenance, continuous monitoring, POA&M management, control assessment, and security authorization documentation.
• Experience preparing or maintaining SSP/SSPP, SAR, POA&M, risk assessment, residual risk, incident response, contingency planning, configuration management, privacy, and authorization package artifacts.
• Ability to coordinate with system owners, technical teams, assessors, authorizing officials, privacy stakeholders, CORs, and program leadership.
• Public Trust / Suitability required; must be able to obtain and maintain required access for the duration of assignment.



Preferred Qualifications
• Prior DOJ, BOP, or federal law enforcement cybersecurity support experience.
• Experience using DOJ JCAM or similar governance, risk, and compliance systems to manage authorization artifacts and evidence.
• Working knowledge of NIST SP 800-37, NIST SP 800-53, FISMA, FISCAM, OMB Circular A-130, Privacy Act requirements, DOJ cybersecurity policy, and FedRAMP concepts.
• Experience supporting on-premises, cloud, hybrid, or air-gapped federal systems.
• Strong written communication skills with the ability to produce audit-ready cybersecurity documentation and executive-level risk summaries.
About Us
Karthik Consulting (KC) is a CMMI-DEV Maturity Level 3 rated, ISO 9001, 27001, and 20000-1 registered IT consulting firm. The vision of KC is to bring the innovation, passion, and agility of the commercial IT industry to meet the unique challenges of the government. Whether you are looking for someone to: help develop your IT strategy; assess a problem and recommend solutions; resolve a particular systems integration challenge; implement Agile software development; or improve your SDLC processes, KC has experts who can provide you an independent and unbiased recommendation, implement the solution, and be your trusted advisor.

Job Category
IT - Security
Clearance Level
Public Trust