ISSO

Information Systems Security Officer (ISSO)

Our partner is seeking an experience Information System Security Officer (ISSO) to support cybersecurity, compliance and risk management activities for Department of Defense (DoD) information systems operating in classified and controlled environments. This position plays a critical role in maintaining security compliance, support authorization efforts and ensuring operational systems meet Joint Special Access Program (SAP) Implementation Guide (JSIG), Risk Management Frameworks (RMF) and applicable DoD and Intelligence Community cybersecurity requirements.

The ISSO will work closely with the Information System Security Manager (ISSM), system administrators, engineers, program managers and government stakeholders to support Authorization Operate (ATO) activities, continuous monitoring, vulnerability management, and overall cybersecurity compliance efforts.

Key Responsibilities:

Information Assurance & ISSM Support

• Support the ISSM in executing cybersecurity responsibilities and serve as acting ISSM when required.
• Ensure systems are operated, maintained and disposed of in accordance with approved security policies and authorization requirements.
• Verify users possess appropriate security clearance, authorizations, and need-to-know prior to system access.
• Conduct periodic security reviews and compliance assessments to validate continued adherence to approved security baselines.
• Participate in Configuration Control Board (CCB) activities and evaluate proposed system changes for security impact.
• Coordinate hardware, software, and firmware modifications with security stakeholders prior to implementation.
• Notify appropriate authorities of system changes that may impact authorization status.
• Monitor system recovery efforts to ensure security controls are restored and functioning properly.
• Participate in Agile planning sessions and provide cybersecurity input on development and infrastructure activities.

Risk Management Framework (RMF) & Compliance

• Support the implementation and maintenance of cybersecurity controls in accordance with JSIG, RMF, NIST SP 800-53, and DoD cybersecurity requirements.
• Develop, update and maintain RMF documentation, including:
  • System Security Plans (SSPs)
  • Security Control Traceability Matrices (SCTMs)
  • Plans of Action & Milestones (POA&Ms)
  • Security Assessment Reports (SARs)
  • Continuous Monitoring Plans
• Assist with system authorization activities throughout the RMF lifecycle.
• Ensure security controls are implemented, documented, and maintained according to approved baselines.
• Support security assessments, audits, inspections and authorization reviews.

Continuous Monitoring & Vulnerability Management

• Perform continuous monitoring activities to maintain Authorization to Operate (ATO) status.
• Review and analyze vulnerability scan results from ACAS, Tenable, and similar tools.
• Track vulnerability remediation efforts and validate closure of findings.
• Support risk assessments and recommend mitigation strategies.
• Monitor system changes and assess potential cybersecurity impacts.
• Assist with configuration management activities to ensure compliance with approved baselines.

Security Operations

• Support cybersecurity incident response activities and document security incidents.
• Ensure audit logs and security records are collected, reviewed, retained, and analyzed according to policy requirements.
• Validate implementation of STIGs, system hardening standards, and secure configuration requirements.
• Work with system administrators and engineers to maintain secure system configurations.
• Support enforcement of least privilege, separation of duties, and access control requirements.
• Provide cybersecurity guidance and support to system users and administrators.

Documentation & Reporting

• Maintain accurate cybersecurity documentation, records and compliance artifacts.
• Prepare reports, status updates, and briefings for program leadership, government representatives, and security stakeholders.
• Maintain evidence required for audits, inspections, and authorization activities.
• Support internal and external cybersecurity reviews and assessments.

Required Qualifications:

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Information Systems, or a related discipline (or equivalent combination of education and experience).
• Mininum of 5 years of experience in cybersecurity, information assurance, information systems security, or related fields.
• Experience supporting DoD Risk Management Framework (RMF) processes and cybersecurity compliance initiatives.
• Working knowledge of:
  • Joint SAP Implementation Guide (JSIG)
  • NIST SP 800-53 Security Controls
  • DoD RMF Process
  • Security Technical Implementation Guides (STIGs)
  • Vulnerability Management Programs
• Active TS/SCI security clearance.
• Current DoD 8570/8140 compliant certification such as CISSP, CISM, CASP+, or CISA.
• Strong analytical, troubleshooting and problem-solving skills.
• Excellent written and verbal communications skills.
• Ability to work independently and collaboratively in a fast-paced, mission-focused environment.
• Strong attention to detail and documentation accuracy.

Preferred Qualifications:

• Experience supporting SAP, SCI or other classified environments.
• Experience securing Windows, Linux and virtualized environments.
• Familiarity with Cross Domain Solutions (CDS).
• Experience with cybersecurity tools including:
  • ACAS
  • Splunk
  • Tenable
  • Trellix ePO
  • Similar enterprise security platforms
• Knowledge of cloud security requirements within DoD environments.
• Experience supporting security assessments and authorization package development.
• Stroing understanding of cybersecurity risk management and compliance frameworks.

Additional Requirements:

• Must reside within driving distance of Lorton, Virginia or be willing to relocate (relocation assistance available).
• Must be able to work onsite.
• Must be willing to support occasional after-hours activities, incident response efforts and on-call responsibilities.
• Must be willing and able to travel frequently.
• Active TS/SCI Clearance is required and must be maintained throughout employment.