Information Systems Security Officer (ISSO) - Senior‑Level

Position Description

Senior Information Systems Security Officer (ISSO) to support a major federal initiative. The Senior ISSO serves as a technical and compliance lead, guiding system owners, engineers, and security teams through RMF, ATO, and continuous monitoring activities. This role is responsible for interpreting policy, providing authoritative security guidance, leading audits, and evaluating complex systems across hybrid cloud and on‑premises environments. The Senior ISSO will mentor junior staff and ensure that systems maintain full compliance with federal requirements, NIST security controls, and agency‑specific governance.

Your Future Duties and Responsibilities

• Lead the implementation, assessment, and enhancement of NIST 800‑53 security controls across cloud, hybrid, and on Prem environments.
• Oversee RMF and ATO package development, review, and approval processes, including SSPs, IRPs, ISCPs, CMPs, and POA&Ms.
• Serve as a senior security advisor to system owners, program leadership, and regulatory bodies.
• Lead internal and external audit preparation, documentation, artifact collection, and response strategies.
• Conduct advanced risk assessments, architecture reviews, and system security analyses.
• Guide POA&M management and direct the remediation of vulnerabilities identified via ACAS, STIG, SCAP, and agency‑specific scans.
• Support continuous monitoring programs, change control reviews, and ongoing security lifecycle management.
• Mentor Junior and Mid‑Level ISSOs; contribute to process standardization and governance improvements.
• Review emerging threats and provide security recommendations to align systems with evolving federal and agency requirements.

Required Qualifications To Be Successful In This Role

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field (Master’s preferred).
• Minimum of 5+ years of direct cybersecurity or federal RMF experience supporting ATO and continuous monitoring activities.
• Active Top Secret (TS) clearance (SCI preferred if applicable).
• Demonstrated expertise in RMF, FISMA, NIST 800-53, and federal compliance frameworks.
• Ability to lead security initiatives, coordinate with senior stakeholders, and drive remediation activities.
• Strong technical understanding of enterprise architectures, risk management, and secure configurations.
• Proven experience mentoring junior cybersecurity personnel.

Preferred Certifications

Strongly Preferred:

• CISSP
• CAP
• CCSP
• CISM

Additional Highly Valuable Certifications

• CASP+ CE
• CISA
• GCIH
• GCED
• Other DoD 8140/8570 IAM/IASAE certifications

Technical Familiarity

• Advanced use of ACAS/Nessus, STIG Viewer, SCAP Compliance Checker
• eMASS or similar A&A workflow tools (expert proficiency preferred)
• Cloud security architectures (AWS, Azure, GovCloud) including control inheritance and boundary considerations
• Log/SIEM review fundamentals (Splunk, ELK)
• Secure configuration management and vulnerability lifecycle management
• Understanding of secure networking, identity management, zero trust models, and boundary protection
• Familiarity with scripting or automation (PowerShell, Python, Bash) is a plus
• Experience working with DevOps/engineering teams on secure design, change reviews, and risk mitigation.