Information System Security Officer (ISSO III)

About The Position

Requirements

• Bachelor's degree in computer science, information technology, communications systems management, or an equivalent science, technology, engineering & mathematics (STEM) degree from an accredited college or university.
• Six (6) years of experience coordinating and enacting required security changes, within various levels of an organization, ensuring compliance with published policies; conducting cybersecurity vulnerability and threat analysis; and support cyber incident-response by isolating potentially effected assets, initial investigation, and data collection, through status updates/reporting.
• Advanced Certifications such as CISSP, CRISC, CASP+, CEH, or AWS/Azure security certifications demonstrating specialized cybersecurity knowledge beyond baseline requirements
• Experience with Navy cybersecurity environments, particularly NAVSEA, including familiarity with their unique RMF workflows, eMASS conventions, and VRAM usage
• Prior support to Navy Qualified Validators (NQV) or direct experience participating in security control validation activities
• Experience leading RMF packages through the full lifecycle-from categorization and control selection through assessment, authorization, and continuous monitoring
• Hands-on knowledge of eMASS, VRAM, ACAS, and HBSS (or equivalent DoD tools) for continuous monitoring and vulnerability remediation
• Familiarity with CCORI or CCRI preparations and inspections, including previous participation in Navy or DoD cyber readiness events
• Strong technical writing skills for drafting and maintaining SSPs, POA&Ms, SOPs, SLCM Strategies, and other RMF-related documentation
• Working knowledge of Security Technical Implementation Guides (STIGs) and tools such as STIG Viewer, SCAP Compliance Checker, and Nessus
• Experience coordinating with developers, system owners, and network engineers to remediate vulnerabilities and implement security controls
• Knowledge of DoD Cloud Security Requirements Guide (SRG) and experience supporting ATO packages for cloud-hosted environments (e.g., AWS GovCloud, Azure IL4/IL5)
• Agile or DevSecOps environment experience, including continuous integration pipelines and automated security testing
• Demonstrated success working in multi-contractor environments, coordinating with multiple stakeholders, and supporting large system portfolios
• Strong interpersonal and communication skills, with ability to brief technical findings to senior leadership and non-technical audiences

Responsibilities

• Assist Information System Security Managers (ISSMs) in executing their cybersecurity responsibilities.
• Ensure full compliance with NAVSEA, Department of the Navy (DON), and Department of Defense (DoD) cybersecurity policies.
• Maintain up-to-date cybersecurity policy and procedural documentation, ensuring accessibility to authorized personnel.
• Coordinate and manage cybersecurity processes and activities for assigned systems.
• Track and report the status of Assess Only (AO) and Assessment and Authorization (A&A) activities to Program Managers, Information System Owners, and ISSMs.
• Provide oversight of Security Plans for assigned systems throughout their lifecycle.
• Manage and maintain Plan of Actions and Milestones (POA&Ms), ensuring vulnerabilities are documented, tracked, mitigated, and remediated where feasible.
• Support identification of appropriate security control baselines and overlays.
• Coordinate validation of security controls with Navy Qualified Validators (NQVs).
• Conduct Risk Management Framework (RMF) Standard Operating Procedure (SOP) reviews.
• Adjudicate findings submitted by the Package Submitting Officer (PSO).
• Register and maintain cybersecurity system data within the Enterprise Mission Assurance Support Service (eMASS).
• Plan and coordinate testing of security controls during risk assessments and annual security reviews.
• Report changes in system security posture to the ISSM.
• Execute Continuous Monitoring activities in alignment with the System Level Continuous Monitoring (SLCM) Strategy.
• Review data from Continuous Monitoring, update eMASS records accordingly, and escalate issues to leadership when necessary.
• Correlate findings from vulnerability assessments-including Developmental Testing (DT), Operational Testing (OT), penetration testing, and Command Cyber Operational Readiness Inspections (CCORI)-to RMF controls to ensure comprehensive risk management.
• Participate in change control and configuration management proces

Benefits

• Competitive compensation
• Comprehensive insurance options
• Matching contributions through the 401(k) plan and the share purchase plan
• Paid time off for vacation, holidays, and sick time
• Paid parental leave
• Learning opportunities and tuition assistance
• Wellness and Well-being programs