Information System Security Officer (ISSO)

Information Systems Security Officer (ISSO)
 

The Information System Security Officer (ISSO) is responsible for managing the full Risk Management Framework (RMF) lifecycle to support the Authorization to Operate (ATO) for assigned information systems. This includes leading initial ATO efforts for new systems and maintaining continuous compliance for systems with an existing ATO. The ISSO will work closely with system owners, engineers, and cybersecurity stakeholders to ensure all cybersecurity requirements are identified, documented, implemented, tested, and monitored in accordance with federal and organizational policies.

Key Responsibilities:

• Serve as the primary cybersecurity point of contact for assigned information systems throughout the RMF lifecycle.

• Lead or support development of all RMF documentation including the System Security Plan (SSP), Security Assessment Plan (SAP), Security Assessment Report (SAR), Plan of Action and Milestones (POA&M), and other artifacts required for ATO packages.

• Coordinate with system owners, developers, engineers, and assessors to identify and implement security controls based on system categorization (FIPS 199), using NIST SP 800-53 (rev. 5).

• Conduct and document security impact analyses for system changes and ensure continuous monitoring strategies are implemented.

• Support vulnerability scanning, STIG application, risk assessments, and compliance reporting to ensure ongoing ATO maintenance.

• Maintain up-to-date knowledge of cyber regulations and best practices, including NIST, CNSSI, FedRAMP, DoD RMF, and agency-specific guidance.

• Track and report POA&M items to resolution, ensuring timely mitigation of findings and audit readiness.

• Interface with Authorizing Officials (AOs), Security Control Assessors (SCAs), and other stakeholders during security assessments, audits, and reviews.

• Support incident response and system recovery actions if security events occur.

Required Qualifications:

• Bachelor’s degree in Information Systems, Cybersecurity, Computer Science, or related field; or equivalent experience.

• Minimum of 3–5 years of direct experience supporting RMF and ATO processes.

• Demonstrated expertise with NIST SP 800-53 controls and RMF steps.

• Familiarity with security tools (e.g., ACAS, Nessus, HBSS, STIG Viewer, Splunk).

• Working knowledge of eMASS or similar compliance tracking platforms.

• Experience writing or reviewing SSPs, POA&Ms, and related documentation.

• DoD 8570-compliant certification (e.g., Security+, CISSP, CISM, CAP).

Preferred Qualifications:

• Experience with cloud-based systems (AWS, Azure, GovCloud) and FedRAMP.

• Familiarity with continuous ATO (cATO) environments and DevSecOps pipelines.

• Previous experience supporting DoD, DHS, or IC customers.

Soft Skills:

• Strong written and verbal communication.

• Detail-oriented with excellent organizational and documentation skills.

• Ability to manage competing priorities and timelines in a fast-paced environment.

• Collaborative team player with the ability to interface across technical and non-technical stakeholders.

Additional Requirements:

• Minimum of a DoD Final Top Secret security clearance at start.

• Must be able to work on site