Cybersecurity Lead / Information System Security Officer (ISSO)

About The Position

Requirements

• Active CISSP certification.
• CASP+ or equivalent advanced security certification.
• DoD 8140 / 8570 IAT Level 2 baseline certification (Security+ or equivalent) — required for privileged access per RFP C-12.2.
• 10+ years RMF practitioner experience in DoD environments.
• Direct experience as an ISSO on a system with an active ATO.
• Demonstrated experience evaluating change impact against ATO boundaries on enterprise IT environments.
• Working knowledge of NIST SP 800-53 controls, eMASS, and DoD continuous monitoring requirements.
• U.S. citizenship; ability to obtain and maintain the appropriate background investigation level.

Nice To Haves

• Active or recent Secret clearance (likely required at the task order level for systems touching DoD-connected networks).
• Prior ISSO experience on a NAF or Navy connected system.
• CISM, CISA, or Security+ instructor-level credentials.
• Experience with cloud security control inheritance (FedRAMP, DISA SRG IL2/IL4).

Responsibilities

• RMF treatment of all changes — impact analysis against ATO boundaries, security control baselines, and continuous monitoring requirements.
• POA&M development, tracking, and closure across distributed installations.
• Coordinated change packages for cross-domain releases (e.g., concurrent ERP patch + POS firmware refresh) with staged rollout against the F&FR maintenance calendar.
• ATO renewal coordination with Authorizing Officials and CNIC cybersecurity stakeholders.
• Security control testing and audit-trail integrity during patch windows.
• Cybersecurity workforce: ISSO support, cybersecurity analysts, compliance specialists.
• Standing voting seat on the Joint Change Advisory Board (JCAB).