Information System Security Officer

About The Position

Requirements

• Expert knowledge of US Federal IT security policies, implementation standards, and NIST SP 800-series and FIPS requirements.
• Advanced proficiency applying IT security concepts, methodologies, and tools, including vulnerability management, asset management, and enterprise security platforms.
• Deep experience with enterprise architecture and security engineering principles.
• Senior-level expertise in contingency planning, continuity of operations, and disaster recovery aligned with NIST guidance.
• Comprehensive understanding of encryption technologies, secure data handling, and cryptographic best practices.
• Demonstrated mastery of IT security tools, applications, and implementation techniques across diverse federal environments.
• Minimum of 10 years of progressive experience in federal cybersecurity, information assurance, or IT security operations, including direct support to federal programs and execution of NIST-based security frameworks.
• Leading the development of IT security requirement solutions, including authoring white papers, technical analyses, and executive-level documentation.
• Directing the creation of solution migration strategies, implementation plans, and security engineering roadmaps.
• Developing, implementing, and governing IT security policies, procedures, and standards across enterprise environments.
• Serving as a senior advisor to leadership on cybersecurity risk, compliance, and system authorization activities.
• Managing RMF activities for complex or high-impact federal systems.
• At least one senior level certification must be included: CompTIA A+, Network+, Security+; GCIH, GSE, GISP, GSLC; ISC2 CAP, SSCP, CISSP; CISA, CRISC; SCNP, SCNA

Responsibilities

• Serve as the primary cybersecurity advisor to federal program leadership, system owners, and technical teams on all matters related to IT security, risk, and compliance.
• Lead the development, implementation, and continuous improvement of the program’s cybersecurity posture in alignment with federal directives and policies.
• Oversee the application of NIST SP 800-series guidance, FIPS requirements, and federal IT security standards across all assigned systems.
• Direct the creation, review, and maintenance of security policies, procedures, standards, and governance documentation.
• Lead the execution of the Risk Management Framework (RMF) lifecycle, including categorization, control selection, implementation, assessment, authorization, and continuous monitoring.
• Develop and maintain system security plans (SSPs), POA&Ms, security assessment reports, and other RMF artifacts.
• Conduct senior-level risk analyses, recommending mitigation strategies and presenting risk decisions to Authorizing Officials and senior stakeholders.
• Ensure compliance with federal IT security baseline policies and all applicable federal cybersecurity requirements.
• Provide expert guidance on the implementation and monitoring of security controls across Windows, Linux, and hybrid enterprise environments.
• Oversee the use of enterprise security tools such as Cybersecurity Asset Management, Tenable Security Center, and other vulnerability, configuration, and compliance platforms.
• Lead the development and validation of contingency plans, backup strategies, and disaster recovery procedures, ensuring alignment with NIST SP 800-34 and related guidance.
• Provide senior-level expertise in encryption technologies, secure configurations, and data protection best practices.
• Direct vulnerability management activities, ensuring timely remediation and reporting of findings.
• Lead incident response coordination with federal cybersecurity teams, providing expert analysis and documentation.
• Oversee continuous monitoring activities, dashboards, and reporting to ensure ongoing compliance and operational readiness.
• Develop high-quality white papers, technical briefs, and decision documents for senior leadership.
• Present complex cybersecurity issues and recommendations to executives, system owners, and cross-agency partners.
• Lead security reviews, audits, and assessments, ensuring accurate and complete documentation.
• Coordinate with federal CIO offices, cybersecurity leadership, system owners, network administrators, and external partners to ensure a unified security posture.
• Mentor junior ISSOs, analysts, and technical staff, providing guidance on federal cybersecurity practices and NIST frameworks.
• Represent the Pacific Region program in enterprise-level cybersecurity working groups and governance boards.

Benefits

• 401(k)
• Dental insurance
• Health insurance
• Paid time off
• Vision insurance