Information System Security Officer (ISSO) – Assessment & Authorization (A&A)

Dragonfli Group•Washington, DC

1d•Remote

About The Position

This contract Information System Security Officer (ISSO) role supports a large federal agency’s Assessment & Authorization (A&A) program, helping protect enterprise IT systems and applications—including cloud computing environments—by ensuring security controls, risk decisions, and compliance documentation meet required standards. The ISSO will lead and coordinate security assessments across multiple large, complex initiatives; implement and validate controls; conduct risk assessments; and drive accreditation activities using NIST RMF and ISO standards, along with Governance, Risk, and Compliance (GRC) tools and network/vulnerability scanning technologies. This role requires seasoned IT security expertise, hands-on technical skills, and strong communication and planning abilities to guide stakeholders and brief executives. It's a high-impact opportunity to shape security authorization outcomes within a major federal agency. This is a multi-year contract position involving a large US federal agency. Candidates with previous federal contracting experience are preferred. U.S. Citizenship or Permanent Residency required. If hired, all work related to this role must be performed within the continental U.S.

Requirements

Experience managing security assessments across multiple applications/domains, including cloud computing
Demonstrated proficiency implementing security controls and conducting risk assessments
Demonstrated proficiency documenting compliance measures based on NIST RMF and ISO standards
Demonstrated experience evaluating and supporting A&A documentation, validation, and accreditation activities for IT systems
Demonstrated ability to ensure appropriate treatment of risk, compliance, and assurance from internal and external perspectives
Experience supporting development of security blueprints, standards, guidelines, and architecture-aligned security designs
Experience with network and vulnerability scanning tools/technologies to assess system configuration and status
In-depth understanding of security architecture principles and best practices for secure IT infrastructure
Demonstrated proficiency using GRC tools to manage A&A processes
Strong organizational skills, including building schedules and step-by-step action plans
Effective communication and collaboration skills, including ability to brief executives
U.S. Citizenship or Permanent Residency required; all work must be performed within the continental U.S.

Nice To Haves

Previous federal contracting experience is preferred.

Responsibilities

Manage security assessments for a variety of applications and domains, including cloud computing environments
Lead multiple large, complex, high-risk security assessment initiatives concurrently
Implement security controls and verify control effectiveness in alignment with NIST RMF and ISO standards
Conduct risk assessments and document compliance measures to meet organizational and regulatory requirements
Evaluate, validate, and support documentation required for A&A and accreditation activities for new and existing IT systems
Ensure appropriate treatment of risk, compliance, and assurance from internal and external perspectives
Support development of actionable security blueprints, principles, models, designs, standards, and guidelines
Apply security architecture principles and best practices to help design and maintain secure IT infrastructures aligned to A&A policies
Use network and vulnerability scanning tools to interrogate systems for configuration and security status
Utilize GRC tools to manage and track A&A workflows, artifacts, and approvals
Serve as an A&A subject matter expert, providing guidance to stakeholders, business units, and new A&A resources
Build and maintain schedules and step-by-step action plans; brief cross-functional teams and executives on status and risk