Information System Security Representative (ISSR) – Sr

About The Position

Requirements

• Active Top Secret clearance with eligibility for SCI.
• U.S. Citizenship is required due to the nature of the government contract.
• Bachelor’s or advanced degree in Computer Science, Cybersecurity, Information Technology, or a related discipline.
• 10+ years of professional experience in computer science or cybersecurity, including 8+ years in senior-level IT roles.
• 7+ years of direct ISSR experience at a cleared facility.
• Demonstrated leadership in RMF lifecycle implementation and security engineering.
• In-depth knowledge of NIST guidance, SAA processes, and federal cybersecurity compliance frameworks.
• Proven ability to lead cross-functional teams and communicate effectively with executives and stakeholders.
• Strong skills in risk analysis, technical documentation, and mentoring.
• At least one of the following certifications: o CISSP, GISP, CASP, CSSLP o CISSP-ISSEP or CISSP-ISSAP o Other certifications meeting DoD 8570.1 IAM Level II requirements
• Experience with security tools such as: o Tenable Nessus/Security Center o IBM Guardium o HP WebInspect o NMAP or similar applications

Nice To Haves

• Preferred experience with Joint Cybersecurity Authorization Management (JCAM) and/or Xacta.

Responsibilities

• Ensure that controlled systems are operated, maintained, and disposed of in accordance with the internal security policies and practices outlined in the approved Security Assessment and Authorization (SAA) package.
• Manage the SAA process for new controlled systems and legacy federal agency systems migrating into the GRC application.
• Provide baseline security controls to the system owner, contingent upon the system’s security categorization, type of information processed and entity type.
• Provide a recommendation to the Authorizing Official, in consultation with the system owner, regarding systems’ impact levels and system’s authorization boundary.
• Ensure that new entities are created in the GRC application with the security categorization of systems.
• Initiate, coordinate, and recommend to the federal agency Authorizing Official all Interconnection Security Agreement (ISAs), Memorandum of Understanding (MOUs), and Memorandum of Agreement (MOAs) that permit the interconnection of controlled systems with any non-federal agency or joint-use network.
• Perform an independent review of the System Security Plan (SSP) and make approval decisions.
• Request and negotiate the level of testing required for a controlled system with the Enterprise Information Security Section and the federal agency Authorizing Official.
• Schedule security control assessments in coordination with the system owner.
• Coordinate Information Security inspections, tests, and reviews with the Security and system owner. Submit the final SAA package to the federal agency Authorizing Official for a security ATO decision.
• Ensure that the Security ATO Electronic Communication (EC) is serialized into Sentinel under the applicable case file number.
• Advise the federal agency Authorizing Official of system vulnerabilities and residual risks.
• Ensure that all POA&M actions are completed and tested.
• Coordinate initiation of an event-driven reauthorization with the federal agency Authorizing Official.
• Ensure the removal and retirement of controlled systems being decommissioned, in coordination with the SO, ISSO, and ISSR.