Enterprise Information System Security Officer (ISSO) - Senior

ECS Tech Inc•Fairfax, VA

8h•Onsite

About The Position

ECS is seeking an Enterprise Information System Security Officer (ISSO) - Senior to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. This position supports Task 3, Cybersecurity Operations Support, and leads system-level Risk Management Framework (RMF) execution for assigned ARNG systems and enclaves across the DoDIN-Army-NG area of responsibility. The ISSO will develop and maintain authorization artifacts, validate security control implementation, coordinate remediation with engineering and operations teams, support assessment and authorization activities, and provide compliance and risk visibility to the ISSM. In this role, the candidate works closely with cybersecurity operations, enterprise operations, and system owners to help sustain authorization status and strengthen ARNG’s Defensive Cyberspace Operations – Internal Defensive Measures (DCO-IDM) mission. The role directly supports ARNG’s mission to deliver secure DoDIN services to more than 120,000 users and approximately 141,000 endpoints across about 2,800 sites in 54 states and territories, including support for Title 10 and Title 32 missions, mobilization readiness, domestic emergency response, and classified SIPRNet operations. The Senior ISSO will operate in an environment spanning classified and unclassified enclaves and will help maintain RMF evidence and authorization packages in eMASS, align compliance activities with STIGs, IAVAs, and continuous assessment requirements, and coordinate with cybersecurity teams operating alongside the SOC, USIEM-enabled monitoring, and broader ARNG enterprise stakeholders. This position is based in Fairfax, VA and performed in person five days per week. Please Note: This position is contingent upon contract award.

Requirements

U.S. Citizenship is required
Security Clearance: Secret Eligible
Required Certifications: DCWF Work Role 722-Information Systems Security Manager — Intermediate proficiency; must hold ONE OR MORE of the following: GMON, SecurityX / CASP+, CCISO, CCSP, CGRC/CAP, CISSO, Cloud+, GCSA, GSEC, Security+, SSCP
7+ years of experience in information assurance
Bachelors degree or higher in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering
Experience developing and maintaining RMF documentation for enterprise systems, enclaves, or hosted environments.
Experience preparing security authorization artifacts and managing submission records in eMASS.
Experience validating security control implementation and documenting control effectiveness for assessment activities.
Experience creating, tracking, and updating POA&Ms and coordinating remediation with technical teams.
Experience supporting compliance reviews involving STIGs, IAVAs, and related security guidance.
Ability to communicate system risk, authorization status, and compliance posture clearly to ISSMs and other stakeholders.

Responsibilities

Lead system-level RMF activities for assigned ARNG systems and enclaves to support ongoing authorization, compliance, and cyber risk management objectives under Task 3 – Cybersecurity Operations Support.
Develop, maintain, and update RMF documentation, including System Security Plans (SSPs), security control traceability matrices, assessment artifacts, and POA&M packages.
Validate the effectiveness of implemented security controls and coordinate corrective actions with engineering, enterprise operations, and system owner teams to address identified gaps.
Prepare and submit authorization artifacts through eMASS to support assessment and authorization activities and maintain current authorization status.
Support A&A events, security compliance reviews, and continuous assessment activities aligned with ARNG RMF processes and required supporting evidence.
Provide clear risk reporting, compliance status updates, and remediation tracking to the ISSM to support informed decision-making and prioritization.
Coordinate RMF and compliance actions for systems operating across classified and unclassified ARNG environments, including enclaves supporting SIPRNet operations and broader DoDIN-A(NG) mission requirements.
Align documentation and remediation activities with applicable security guidance, including STIGs, IAVAs, and other compliance inputs identified through ARNG cybersecurity operations.
Work in coordination with Task 3 cyber teams and relevant operational stakeholders supporting 24x7x365 cyber defense activities across the ARNG enterprise, including environments integrated with eMASS and enterprise cybersecurity monitoring functions.
Support preparation of evidence and security documentation needed for systems operating in coordination with ARNG cybersecurity operations and external mission partners such as the NETCOM Global Cyber Center and DISA DCDC.