Information System Security Officer (ISSO)

Key Responsibilities Follow information security policies, methods, standards, Federal Information Security Management Act (FISMA/National Institutes of Standard and Technology (NIST) standards and practices to organizational information systems, IT reference materials and interpret regulations. Conduct risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, rules, and protection needs tailored through the Risk Management Framework (RMF). Assist the ISSM in meeting their duties and responsibilities. The ISSO shall assume ISSM responsibilities in the absence of the ISSM. Ensure systems are operated, maintained, and disposed of in accordance with security policies and procedures as outlined in the security authorization package. Attend required technical and security training (e.g., operating system, networking, security management) relative to assigned duties. Report all security-related incidents to the ISSM. Conduct periodic reviews of information systems to ensure compliance with the security authorization package. Coordinate any changes or modifications to hardware, software, or firmware of a system with the ISSM and AO/DAO prior to the change. Monitor system recovery processes to ensure security features and procedures are properly restored and function correctly. Ensure all IS security-related documentation is current and accessible to properly authorized individuals. Ensure audit records are collected, reviewed, and documented (to include any anomalies). Required Qualifications Familiarity with security compliance processes and an understanding of the steps involved in supporting an Authority to Operate (ATO) lifecycle. Familiarity with researching applicable regulations, standards, and security requirements and summarize findings to support secure system operations. Basic understanding of information security concepts, including common tactics and techniques used by malicious actors, and awareness of approaches to mitigate vulnerabilities Bachelor’s in an applicable discipline U.S. citizenship with an active SECRET clearance, and eligibility for TOP SECRET upgrade. Must have a DoD 8140 certification (Security+) Preferred Qualifications Knowledge and expertise in Cybersecurity requirements, network technologies, and computer security as applied to Department of Defense (DoD) networks Experience developing SOPs and SSPs Excellent verbal and written communication skills along with customer interaction and presentation capabilities required. Canvas was founded by Jami Peyton in 2007 to deliver real-world engineering and technology solutions that strengthen national defense. Since then, we’ve been guided by technical excellence, operational insight, and a shared commitment to the warfighter. Teamwork drives everything we do, enabling close collaboration across programs, customers, and colleagues to solve complex challenges. Our work supports key national security priorities like missile defense, test and evaluation, digital transformation, and warfighter readiness. As an award-winning company built on integrity, agility, and innovation, Canvas continues to grow and deliver mission-critical solutions that support the future of national defense.