Information Security Systems Officer, Information Services

About The Position

Requirements

• Minimum 3 years of experience with a BS/BA degree in an IT information security or compliance role in a corporate or government contractor setting. (Minimum 7 years’ experience without a BA/BS degree.)
• Strong understanding of NIST SP 800-171, CMMC Level 2, and basic DFARS cybersecurity clauses.
• Extensive knowledge of multiple federal government network security processes and procedures
• Technical background with understanding or hands-on experience in Information Technology environments and web technologies
• Excellent oral and written communications skills required for correspondence, reports, briefings, and procedures
• U.S. Citizenship (required for defense contractor compliance).
• Must have the ability to obtain and maintain a security clearance
• Cybersecurity Risk Management or Information Assurance related certifications.
• Proficient in MS Office Applications.
• Excellent written/verbal communication skills and judgement.

Nice To Haves

• Professional certifications such as Security+, CISSP, CISA, or CRISC.
• Familiarity with audit processes, internal controls, and security risk assessments.
• Knowledge of Microsoft office applications
• Working knowledge of Confluence and Jira for task management
• Experience With a BS/BA degree, at least 3 years’ experience in cybersecurity required.
• Without a BS/BA degree, at least 7 years’ experience in cybersecurity security required.

Responsibilities

• Develop and maintain System Security Plans (SSPs) and supporting documentation aligned with NIST 800-171 and CMMC practices.
• Conduct regular security control assessments, perform gap analyses, and update Plans of Action and Milestones (POA&Ms).
• Coordinate security authorization and compliance activities across IT systems and applications.
• Perform ongoing security reviews of applications, infrastructure, and business processes to verify compliance and identify improvements.
• Recommend remediation strategy, track remediation efforts, and collaborate closely with IT, DevOps, and business teams
• Conduct comprehensive cybersecurity audits to ensure compliance with CMMC, DFARS 7012, NIST 800-171, and other relevant regulations.
• Analyze and assess various data types, including Controlled Unclassified Information (CUI), Controlled Technical Information (CTI), Federal Contract Information (FCI), International Traffic in Arms Regulations (ITAR), and Export Administration Regulation (EAR99).
• Collaborate with system and network administrators to ensure audit features are configured and enabled correctly.
• Conduct third-party/vendor security assessments as part of the procurement and onboarding process.
• Review supplier security documentation and manage risks associated with external data sharing and service providers.
• Participate in incident response activities, including documentation, coordination, and lessons learned reviews.
• Help improve incident detection, containment, and prevention through policy, training, and technical improvements.
• Utilize GRC tools to document and track risk assessments, policy compliance, and mitigation efforts.
• Identify and evaluate risks to information assets; assist in the development of risk treatment and remediation plans.
• Review policy exceptions to assess impact and risk, track approvals, and monitor mitigation within target remediation timeline
• Collaborate with internal stakeholders to ensure alignment of technical and administrative controls with risk management strategies.
• Support the development and rollout of security awareness training to ensure users understand responsibilities and best practices.
• Ensure training completion and maintain accurate compliance records; other duties as assigned.