Information System Security Officer (ISSO) / Compliance Lead
ASSYST, Inc.•Rockville, MD
13h
About The Position
ASSYST is seeking an Information System Security Officer (ISSO) / Compliance Lead to support our client project. The ISSO provides expert-level guidance in the interpretation, tailoring, implementation, and validation of NIST 800-53 Rev 5 controls for the target system(s).
Requirements
- Experience guiding system developers, engineers, and project stakeholders in implementing NIST Special Publication 800-53 Revision 5 security and privacy controls.
- Experience preparing startup documents such as FIPS-199 categorizations and Privacy Impact Assessments (PIA).
- Experience registering systems in the NIH Governance, Risk, and Compliance (GRC) repository.
- Experience developing and refining security documentation required under the Risk Management Framework (RMF).
- Experience preparing the System Security Plan (SSP) and supporting artifacts.
- Experience advising developers and business owners on implementing privacy controls in accordance with federal privacy regulations.
Responsibilities
- Advise developers and architects during system design, development, testing, and deployment.
- Assist with control selection, inheritance, and tailoring for system categorization levels.
- Translate NIST 800-53 Rev 5 controls into actionable technical and procedural implementation steps.
- Provide documentation support for security compliance artifacts required for the Authority to Operate (ATO) process.
- Participate in system planning, architecture discussions, sprint reviews, and design reviews.
- Provide guidance on integrating security and privacy controls into system requirements, architecture, and data flows.
- Ensure DevSecOps and security-by-design principles are applied.
- Assist ITRB Development and Infrastructure teams in mapping system functions to applicable NIST 800-53 Rev 5 controls.
- Develop control baselines appropriate for the system’s FIPS 199 categorizations.
- Identify common controls available from enterprise services and determine where system-specific controls are required.
- Provide guidance for developers on implementing required controls such as logging, encryption, secure API management, and identity and access management.
- Review implementation artifacts such as code snippets, configuration files, system diagrams, and test results.
- Advise developers and business owners on implementing privacy controls (PT, AR, AP, DI, IP families) in accordance with NIST 800-53 Rev 5 and federal privacy regulations.
- Support privacy risk assessments and data flow analyses.
- Ensure privacy considerations are integrated into system design.
- Assist in preparing and refining security documentation required under the Risk Management Framework (RMF) including: System Security Plan (SSP) and supporting artifacts Security Assessment Plan (SAP) Security Assessment Report (SAR) Plan of Action & Milestones (POA&M) Continuous Monitoring Strategy Privacy Impact Assessment (PIA) support
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
Upload and Match Resume
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
No Education Listed
Job Search Resources
Similar Information System Security Officer (ISSO) / Compliance Lead job opportunities
Explore More Jobs
