Senior Information System Security Officer

Position Summary

The Information System Security Officer (ISSO) is responsible for establishing, implementing, and maintaining the security posture of an organization's information systems. The ISSO ensures compliance with applicable security policies, frameworks, and standards—including NIST 800-series, RMF, FedRAMP, FISMA, ISO 27001, or organizational requirements—while working closely with system owners, administrators, developers, and leadership.

Key ResponsibilitiesSecurity Governance & Compliance

• Ensure information systems comply with applicable cybersecurity regulations, policies, and frameworks (e.g., NIST SP 800-53, RMF, DoD , FedRAMP, ISO
• Maintain and update security documentation including SSPs, SARs, POA&Ms, Risk Assessments, and Continuous Monitoring (ConMon) artifacts.
• Support and maintain the system's Authorization to Operate (ATO) or equivalent certification.

Risk Management

• Identify, analyze, and track security risks and vulnerabilities.
• Recommend remediation strategies and work with technical teams to implement corrective actions.
• Conduct periodic risk assessments and security impact analyses for system changes.

Monitoring & Incident Response

• Monitor system security controls for effectiveness and compliance.
• Participate in or lead incident response processes, investigations, and reporting.
• Coordinate with SOC, ISSM, system administrators, and other stakeholders during security events.

Technical Security Oversight

• Review configuration baselines, system updates, patches, and security controls.
• Ensure proper implementation and continuous validation of technical, administrative, and physical security controls.
• Support vulnerability scanning, penetration testing, and security tool implementation.

Documentation & Reporting

• Develop and maintain security policies, procedures, and operational guides.
• Prepare periodic security reports, dashboards, and briefings for leadership.
• Maintain audit-ready documentation and support internal/external audits.

Training & Awareness

• Support or conduct security awareness training for system users.
• Advise teams on secure practices and compliance requirements.

Required Qualifications

• Bachelor's degree in Cybersecurity, IT, Computer Science, or related field (or equivalent experience).
• Knowledge of NIST RMF, NIST controls, FISMA, FedRAMP, or DoD cybersecurity requirements.
• Understanding of networking, operating systems, cloud security, and security tools.
• Experience with vulnerability management, SIEM/SOC operations, and incident response.

Preferred Certifications

• CISSP
• CISM
• Security+
• CEH
• CCSP
• CAP (Certified Authorization Professional)

Job Types: Full-time, Contract

Pay: $13, $145,000.00 per year

Work Location: Remote