ISSO-VA/DOD
About The Position
The Information System Security Officer (ISSO) is responsible for ensuring the security, compliance, and authorization of information systems in accordance with VA and DoD standards. This role focuses on supporting Risk Management Framework (RMF) activities, particularly for medical devices and healthcare IT systems, ensuring compliance with VA Directive 6500, HIPAA, and NIST Special Publications (800-53 Rev. 5 and 800-37). The ISSO works closely with system owners, engineers, and Authorizing Officials to maintain system security posture, support ATO processes, and ensure continuous monitoring across networked environments.
Requirements
- Experience as an ISSO, ISSM, or cybersecurity professional in federal environments
- Strong knowledge of NIST SP 800-53 Rev. 5
- Strong knowledge of NIST RMF (800-37)
- Strong knowledge of VA Directive 6500 / 6500 series
- Strong knowledge of HIPAA security requirements
- Experience with ATO package development and maintenance
- Understanding of network architecture and cybersecurity principles
- Experience supporting DoD or VA systems (highly preferred)
- Familiarity with medical device cybersecurity or healthcare IT systems
Nice To Haves
- ServiceNow CAM a HUGE PLUS
- Experience with VA or DoD medical systems / biomedical environments
- Knowledge of FISMA and federal compliance frameworks
- Familiarity with eMASS (DoD) or VA equivalent systems
- Familiarity with vulnerability scanning tools (ACAS, Nessus)
- Certifications such as Security+, CISSP, CAP, or CISM
Responsibilities
- Support full lifecycle RMF activities in alignment with NIST 800-37
- Develop and maintain RMF artifacts including: System Security Plans (SSP), Security Assessment Reports (SAR), Plan of Action & Milestones (POA&M)
- Coordinate and support Authority to Operate (ATO) and reauthorization efforts
- Work with Authorizing Officials (AO), ISSMs, and system owners
- Assess cybersecurity risks for network-connected medical devices
- Ensure compliance with VA 6500 and relevant VA Handbook 6500.x controls
- Evaluate vendor documentation and security controls for medical equipment
- Support integration of medical devices into secure VA/DoD networks
- Collaborate with biomedical engineering and clinical teams on risk mitigation
- Review and understand network architectures supporting enterprise and clinical systems
- Identify vulnerabilities across networked environments (LAN/WAN/cloud)
- Ensure proper system boundary definitions and data flow documentation
- Validate security configurations and segmentation for sensitive systems
- Implement and assess controls aligned with NIST SP 800-53 Rev. 5, VA Directive 6500, and HIPAA Security Rule
- Conduct control assessments and continuous monitoring activities
- Track, manage, and remediate vulnerabilities
- Maintain ongoing system security posture through continuous monitoring
- Analyze security scan results (e.g., ACAS, Nessus, STIG compliance)
- Manage and update POA&Ms and risk registers
- Support incident response and reporting activities as required
- Serve as a liaison between cybersecurity, engineering, and clinical stakeholders
- Provide security guidance to system owners and project teams
- Communicate risk posture clearly to leadership and compliance authorities
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
Education Level
No Education Listed
