Information System Security Officer

Quzara LLC•Washington, DC

3d•Hybrid

About The Position

The Federal Support Information System Security Officer (FSISSO) is responsible for implementing and managing a robust information security program to protect the confidentiality, integrity, and availability of information systems managed by the federal agency. This role blends strategic advisory with technical execution to ensure compliance with relevant federal frameworks and regulations, including NIST, FISMA, FedRAMP, and agency-specific cybersecurity mandates. The FSISSO will lead efforts in risk management, third-party vendor assessments, incident response, security architecture, and policy governance to safeguard federal IT systems and data.

Requirements

Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field.
5+ years of experience in federal information security roles, including risk management, incident response, and compliance.
Proven experience in applying NIST frameworks (800.53, CSF, 800.82), FedRAMP, FISMA, CJIS, HITRUST, and other regulatory baselines.
Demonstrated expertise in conducting risk and vulnerability assessments, implementing security controls, and developing policy and procedure documentation.
Experience managing A&A processes, third-party risk programs, and compliance across enterprise systems.
Familiarity with secure cloud operations in AWS and Azure environments.
Experience collaborating across departments including engineering, CISO, legal, and audit teams.
Excellent analytical, communication, and collaboration skills; ability to tailor security messages to both technical and executive audiences.

Nice To Haves

Certified Information Systems Security Professional (CISSP) – ISC2
Microsoft Certified Systems Engineer (MCSE)

Responsibilities

Develop, implement, and maintain cybersecurity policies, standards, and procedures aligned with federal regulations (e.g., NIST 800.53, FISMA, FedRAMP).
Conduct ongoing risk assessments, vulnerability assessments, and compliance audits to ensure proper security posture across information systems.
Lead and document security assessments and authorization (A&A) packages, working across technical and executive teams to support continuous monitoring and POA&M tracking.
Manage incident response planning and execution, including forensic analysis, remediation, and root cause investigations.
Oversee the execution of vulnerability scanning, penetration testing, and third-party vendor risk evaluations, using tools like Nessus.
Support secure system development and cloud migration efforts (e.g., AWS, Azure), ensuring adherence to DevSecOps and secure SDLC practices.
Develop and present metrics, compliance dashboards, and executive briefings to senior leadership on the current state of security programs and initiatives.
Lead cross-team collaboration to align cybersecurity strategies, remediation plans, and policy enforcement with company-wide initiatives.
Maintain and enhance the security of critical infrastructure systems (e.g., IoT, OT devices) where applicable.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume