Information System Security Officer (ISSO) – Senior

NextGen Federal Systems
Aberdeen, MD

About The Position

NextGen is seeking a highly skilled and proactive Information System Security Officer (ISSO) to join our team in support of critical U.S. Army defense missions. The ideal candidate will bring deep expertise in cybersecurity risk management, NIST Risk Management Framework (RMF) implementation, security control assessment, and hands-on eMASS (Enterprise Mission Assurance Support Service) management to ensure the ongoing authorization, continuous monitoring, and operational security posture of classified and sensitive Army information systems. This role is designed for a seasoned ISSO who excels at applying federal cybersecurity standards and DoD policies to the unique demands of Army contract environments—where compliance, rigorous documentation in eMASS, and close collaboration with authorizing officials, system owners, and engineering teams are essential. The successful candidate will maintain the security integrity of complex battlefield and mission-critical systems, enabling secure, compliant operation and integration of capabilities into operational Army environments through effective eMASS package management and RMF artifact oversight.

Requirements

  • Security Clearance: Active Top Secret with SCI eligibility
  • Education: Bachelor's degree in Computer Science, Information Technology (IT), Cybersecurity / Information Assurance, Engineering, or a related technical field. (Years of experience may be accepted in lieu of degree).
  • Certifications: Security+ (or higher DoD 8140/8570 IAT Level II/III compliance).
  • Hands-on Experience: managing eMASS packages end-to-end, including creating/updating authorization records, uploading RMF artifacts (SSP, SAR, POA&M, control evidence), tracking milestones, and ensuring timely ATO submissions and approvals.
  • Direct Experience: implementing and managing the NIST Risk Management Framework (RMF) for DoD/Army information systems, including developing/maintaining System Security Plans (SSP), conducting Security Impact Analyses (SIA), managing POA&Ms, and supporting continuous monitoring and ATO processes.

Nice To Haves

  • Certifications: CISSP (Certified Information Systems Security Professional), or an equivalent advanced credential such as CISM, CASP+, or CCISO, in good standing.
  • Specialized Experience: Experience supporting Army-specific programs or systems (e.g., C5ISR, mission command, ground combat vehicles, tactical networks, or ARCYBER-related efforts).
  • Knowledge: Of emerging Army cybersecurity priorities, including Multi-Domain Operations (MDO), information dominance, zero-trust architecture implementation, or cybersecurity for tactical edge systems.
  • Demonstrated Success: In achieving and maintaining ATOs for complex, high-impact systems under tight timelines, with a track record of effective POA&M closure, risk acceptance justification, and positive audit/inspection outcomes.

Responsibilities

  • Serve as the primary cybersecurity point of contact for one or more assigned Army information systems, maintaining the overall security posture and ensuring ongoing compliance with DoD and Army directives throughout the system lifecycle.
  • Coordinate and support independent security control assessments, third-party audits, Army cybersecurity inspections, and compliance reviews, ensuring all findings are documented, tracked, and resolved in eMASS.
  • Develop, update, and maintain System Security Plans (SSP), security assessment reports, control implementation statements, and other RMF authorization artifacts required to obtain and maintain Authority to Operate (ATO).
  • Conduct continuous monitoring activities, including vulnerability scanning, security control assessments, log reviews, and configuration change tracking, to identify, document, and mitigate risks in a timely manner.
  • Manage and track Plans of Action and Milestones (POA&M) for identified security weaknesses, coordinating remediation efforts with system owners, engineers, and Army program offices to achieve closure within required timelines.
  • Perform Security Impact Analyses (SIA) for proposed system changes, modifications, or upgrades, assessing potential effects on security controls and recommending mitigations to maintain authorization status.
  • Prepare, compile, and submit RMF documentation packages in eMASS (or equivalent Army systems), including security control inheritance documentation, test results, and evidence of control effectiveness.
  • Coordinate and support independent security control assessments, third-party audits, and Army cybersecurity inspections, ensuring all findings are addressed and documented appropriately.
  • Monitor system configuration baselines for unauthorized changes, enforce configuration management controls related to security, and participate in Configuration Control Boards (CCB) when security-relevant changes are proposed.
  • Provide cybersecurity guidance and training to system administrators, developers, and other team members to promote secure practices and ensure Army systems remain compliant with RMF, NIST SP 800-53, DoD 8510.01, and AR 25-2 requirements.
  • Prepare and deliver regular security status reports, risk briefings, and metrics to Army program leadership, authorizing officials, and stakeholders, highlighting current risk posture, emerging threats, and mitigation progress.