Information System Security Officer (ISSO)

Dragonfli Group•Washington, DC

11d

About The Position

Dragonfli Group is a cybersecurity and IT consulting firm providing services to federal agencies and Fortune 100 enterprises. Headquartered in Washington, DC, Dragonfli supports clients in securing mission-critical systems across on-site, hybrid, and fully remote environments. This contract Information System Security Officer (ISSO) role supports a large federal agency and is responsible for protecting digital identities, network assets, and hosted applications within a large-scale IT environment. The ISSO will implement security controls, conduct risk assessments, and document compliance measures using tools such as network and vulnerability scanning technologies, and Governance, Risk, and Compliance (GRC) tools. The role requires seasoned IT security expertise, hands-on technical skills, and strong communication and planning abilities. It's a high-impact opportunity to shape identity and access security within a major federal agency. This is a multi-year contract position involving a large US federal agency. Candidates with previous federal contracting experience are preferred. U.S. Citizenship or Permanent Residency required. If hired, all work related to this role must be performed within the continental U.S.

Requirements

Proficiency in security assessments and management of large projects/initiatives.
Experience implementing security controls and conducting risk assessments.
Knowledge of NIST RMF and ISO standards.
Experience with network and vulnerability scanning tools.
Proficiency in utilizing GRC tools for A&A processes.
Strong organizational skills.
Effective communication and collaboration skills.
U.S. Citizenship or Permanent Residency.

Nice To Haves

Strong understanding of security architecture principles and best practices.
Ability to manage multiple projects of large size, complexity, and risk.
Proficiency in developing security blueprints and guidelines.
Expertise in risk, compliance, and assurance management.
Ability to serve as a subject matter expert in A&A processes.
Strong organizational and planning skills.
Effective communication skills for executive briefings.
Ability to work effectively with cross-functional teams.

Responsibilities

Manage responsibility for security assessments of various applications or domains, including cloud computing.
Implement security controls and conduct risk assessments based on NIST RMF and ISO standards.
Support documentation, validation, and accreditation processes to meet information assurance and security requirements.
Ensure appropriate treatment of risk, compliance, and assurance from internal and external perspectives.
Develop actionable security blueprints, principles, models, designs, standards, and guidelines.
Utilize network and vulnerability scanning tools to interrogate systems for configuration and status.
Design, implement, and maintain secure IT infrastructures in alignment with A&A policies.
Utilize GRC tools for managing Assessment & Authorization (A&A) processes.
Serve as subject matter expert for the A&A process, providing guidance to stakeholders and business units.
Build and maintain schedules and step-by-step action plans.
Communicate and collaborate with cross-functional teams, business units, stakeholders, and IT professionals.