Cybersecurity Information System Security Officer (ISSO)

About The Position

Requirements

• The candidate must be self-motivated, customer-focused, and capable of working in a fast-paced Department of Defense (DoD) environment.
• Minimum of 2 years of experience serving as an Information System Security Officer (ISSO) within a DoD environment
• Demonstrated experience using eMASS to support RMF activities
• Experience supporting cloud applications within a DoD environment
• Experience supporting governance, risk, and compliance (GRC) activities
• Experience executing comprehensive risk assessments
• Experience preparing executive-level cybersecurity reports
• Experience maintaining cross-organizational communications with major Army entities
• Hands-on, practical cybersecurity experience preferred
• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related technical discipline (or equivalent experience)
• Experience supporting users in a DoD or Federal Government environment preferred
• Must be a U.S. Citizen.
• Must possess and maintain an active Secret security clearance.
• Must be eligible for access to SIPRNet as required.
• Ability to sit for prolonged periods at a desk working on a computer
• Ability to perform repetitive motions with hands, wrists, and fingers
• Ability to lift and carry IT equipment up to 40 pounds
• Ability to move between buildings and offices to provide onsite support
• Ability to engage in and follow audible communications in emergency situations

Nice To Haves

• Cloud-related Certs preferred

Responsibilities

• Serve as the ISSO for assigned DoD information systems, including cloud-based applications
• Support Risk Management Framework (RMF) activities using Enterprise Mission Assurance Support Service (eMASS)
• Maintain and update RMF documentation, including System Security Plans (SSPs), POA&Ms, Security Assessment Reports (SARs), and supporting artifacts
• Support governance, risk, and compliance (GRC) efforts to ensure systems meet DoD and Army cybersecurity requirements
• Execute comprehensive risk assessments, including control validation, vulnerability analysis, and risk impact evaluations
• Track and manage security control implementation and remediation activities
• Prepare executive-level cybersecurity reports and briefings outlining system posture, risk status, compliance metrics, and remediation progress
• Maintain cross-organizational communications with major Army entities, including Authorizing Officials (AOs), Security Control Assessors (SCAs), ISSMs, system owners, and program leadership
• Support cloud application security compliance efforts in accordance with DoD cloud security policies and FedRAMP requirements (as applicable)
• Assist with continuous monitoring activities and ensure findings are documented and resolved in accordance with established timelines
• Provide cybersecurity guidance to technical and operational teams to ensure secure system configurations and operations