Information System Security Officer (ISSO)

C-HIT, Columbia, MD
Remote

About The Position

C-HIT, a CMMI Maturity Level 5 company, focuses on delivering information technology and professional services to Federal and State agencies. "C-HIT is an EOE, including disability and veterans."

Requirements

  • Strong knowledge in:
      • NIST 800‑53, RMF, FISMA
      • FedRAMP (if supporting cloud systems)
      • Cloud security models (AWS/Azure/GCP)
      • Network security & secure configurations
      • Vulnerability management tools (Nessus, Qualys, OpenVAS)
      • SIEM and logging (Splunk, Sentinel, QRadar)
      • Identity and Access Management (MFA, RBAC, SSO)
      • Zero Trust principles
  • 5–10 years of experience in cybersecurity or information assurance.
  • Strong written communication for policy, documentation, and audit responses.
  • Ability to collaborate with cross-functional IT and security teams.
  • Strong analytical and problem‑solving abilities.
  • Candidate must be a US Citizen or Green Card holder to obtain Public Trust clearance and must have lived in the United States for at least three (3) out of the last five (5) years.

Nice To Haves

  • Experience working with federal agencies (DoD, DHS, CMS, VA, etc.).
  • Experience with DevSecOps pipelines and secure SDLC.
  • Knowledge of container and microservices security.
  • Experience with enterprise CMS environments (AEM, Drupal, Sitecore) if applicable.

Responsibilities

  • Implement and manage security controls based on NIST SP 800‑53, RMF, and organizational security policies.
  • Support security authorization (ATO) processes including SSPs, SARs, POA&Ms, and risk assessments.
  • Ensure continuous compliance with regulatory frameworks (FISMA, FedRAMP, HIPAA, PCI as applicable).
  • Lead and facilitate internal and external audits.
  • Develop and maintain key cybersecurity documentation:
      • System Security Plans (SSP)
      • Contingency Plans (CP)
      • Incident Response Plans (IRP)
      • Configuration Management Plans (CMP)
      • POA&M tracking
  • Conduct periodic risk assessments, vulnerability reviews, and mitigation planning.
  • Oversee continuous monitoring activities, including log reviews, security scanning, patch verification, and control assessments.
  • Track and report security incidents, findings, and corrective actions.
  • Work with SOC, infrastructure, and application teams to remediate findings.
  • Manage or support tools such as SIEM, endpoint security, IAM, vulnerability scanners, and configuration management repositories.
  • Validate implementation of technical controls such as encryption, MFA, network ACLs, secure configurations (CIS benchmarks), and system hardening.
  • Oversee user access reviews, privileged account monitoring, and identity lifecycle events.
  • Act as the primary security POC for system owners, engineering teams, auditors, and leadership.
  • Work closely with ISSM, SOC analysts, network/security engineers, and DevSecOps teams.
  • Participate in system design reviews to ensure security requirements are incorporated early.
  • Support incident detection, investigation, containment, and reporting.
  • Participate in tabletop exercises and disaster recovery tests.
  • Ensure compliance with organizational IR and BC/DR policies.

Benefits

  • Healthcare Benefits
  • Remote Working Options
  • Paid Time Off
  • PTO cash-out
  • Training/Certification opportunities
  • Healthcare Savings Account & Flexible Savings Account
  • Paid Life Insurance
  • Short-term & Long-term Disability
  • 401K Match & Profit sharing
  • Employee Assistance Program
  • Paid Holidays
  • Many more perks and voluntary benefits!
  • Employees of C-HIT shall, as an enduring obligation throughout their term of employment, adhere to all information security requirements as documented in company policies and procedures.