Information Systems Security Officer (ISSO)

GovCIO is currently hiring for an Information Systems Security Officer (ISSO) to support our client's contract needs. The ISSO ensures the confidentiality, integrity, and availability of HUD information systems by executing the NIST Risk Management Framework (RMF), supporting system authorization activities, conducting continuous monitoring, and coordinating remediation efforts with system owners and technical teams. Key responsibilities include maintaining system security posture, supporting FISMA and OMB A-130 compliance, responding to audits, validating controls, analyzing vulnerabilities, and ensuring security documentation is accurate and audit-ready.

This position is based in the United States and is a full remote work.

Responsibilities

• Support and execute all phases of the NIST SP 800-37 RMF lifecycle including categorization, control selection, implementation, assessment, authorization, and continuous monitoring.
• Develop, maintain, and update RMF documentation in JCAM including System Security Plans, Security Assessment Plans, Security Assessment Reports, POA&Ms, Configuration Management Plans, Contingency Plans, Incident Response Plans, Risk Assessment documentation, and interconnection documents.
• Establish system impact levels following FIPS 199 for confidentiality, integrity, and availability.
• Ensure systems comply with FISMA, NIST SP 800-53 Rev 5, OMB A-130, and applicable agency cybersecurity policies.
• Prepare and maintain Body of Evidence materials and control traceability documentation in JCAM
• Support Authorization to Operate (ATO), Authority to Connect (ATC), and ongoing authorization activities; maintain associated documentation in JCAM.
• Review and analyze vulnerability scan results using Tenable Security Center.
• Validate asset inventories and correlate system information.
• Validate secure configuration baselines and system hardening standards.
• Track remediation activities and ensure POA&M items and milestones are created, updated, and closed on schedule.
• Review endpoint security posture and support investigations by correlating endpoint findings with vulnerability, configuration, and CDM data.
• Provide security reporting, dashboards, and status updates to system owners and leadership.
• Support configuration management processes by reviewing and assessing change requests for security impact.
• Ensure security controls are implemented correctly during system changes, upgrades, or new deployments.
• Stay informed on emerging cybersecurity policies, standards, and threat landscapes; provide recommendations for improving security posture
• Collaborate with technical and non-technical personnel to review systems, gather evidence, and communicate security requirements.

Qualifications

Bachelor's degree in IT, Cybersecurity, Computer Science, or related field (or equivalent experience) with 5-8+ years or (commensurate experience)

Required Skills and Experience

• 2-3 years in an ISSO or cybersecurity compliance role supporting RMF process.
• Strong understanding of NIST 800-53 controls and assessment procedures.
• Experience collecting, developing and maintaining RMF artifacts.
• Experience managing POA&Ms and documenting remediation efforts.
• Experience reviewing, interpreting, or validating vulnerability and configuration findings.

Clearance Required: Ability to obtain and maintain a HUD Public Trust clearance.

Preferred Qualifications

• CISSP, CISM, or similar advanced certification.
• Experience supporting federal authorization packages.
• Familiarity with CDM reporting and continuous monitoring processes.
• Experience supporting secure development or cloud system reviews.

Posted Salary Range

USD $90,000.00 - USD $110,000.00 /Yr.