Information System Security Officer (ISSO), Senior

About The Position

Requirements

• Minimum of 8 years with BS/BA; Minimum of 6 years with MS/MA; Minimum of 3 years with PhD
• Clearance: Active TS/SCI clearance.
• Candidate must meet ONE of the following: Master’s degree or Ph.D. in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, Software Engineering, or a related field; OR Relevant DoD/military training (examples: 4C‑FA26A; M09CHN1; A‑531‑0009; Information Systems Security Manager (Advanced) Playlist); OR Relevant professional certification or equivalent experience (examples: CISM, CISSP, CISSP‑ISSMP, FITSP‑M, GCIA, GCIH, GICSP, GSLC).
• Cybersecurity experience with at least 3 years performing ISSO or equivalent system security roles in DoD or large enterprise environments.
• Deep working knowledge of RMF/ATO processes, NIST SP 800‑53 controls, DISA STIGs/SRGs, vulnerability management, and eMASS evidence workflows.
• Proven ability to validate control implementations, manage POA&Ms, and coordinate remediation across engineering and operations teams.
• Strong documentation and briefing skills for audit readiness, accreditation packages, and senior leadership updates.

Nice To Haves

• Prior DoD/ARNG ISSO experience and familiarity with system authorization timelines and inspection readiness.
• Experience integrating continuous monitoring with SOC/CIRT workflows and automating evidence collection where feasible.

Responsibilities

• Manage system‑level cybersecurity programs: oversee RMF lifecycle activities, control implementation, continuous monitoring, and accreditation evidence.
• Review and validate security documentation, system security plans (SSPs), control implementation statements, POA&Ms, and configuration baselines to assess residual risk.
• Coordinate with system owners, engineers, ISSMs, assessors, and integrators to remediate control deficiencies and maintain authorization posture.
• Advise leadership on risk acceptance, compliance obligations, and remediation prioritization; prepare briefing materials for authorization and governance boards.
• Implement and monitor continuous monitoring processes: vulnerability scanning, configuration checks, patch status, and security telemetry integration.
• Support audit and inspection readiness by producing evidence packages, control test results, and remediation verification artifacts.
• Maintain documentation, control traceability, and change records to support eMASS/RMF workflows and accreditation requirements.
• Mentor and guide ISSO/technical staff on control implementation practices, evidence collection, and RMF procedures.