Information Systems Security Officer (ISSO)

GE Aerospace•Evendale, OH

5d•Onsite

About The Position

The Information System Security Officer (ISSO) is responsible for the security posture, authorization, and ongoing monitoring of classified and/or sensitive information systems in accordance with applicable Federal, DoD, and Intelligence Community cybersecurity policies and standards, with particular emphasis on the Joint Special Access Program (SAP) Implementation Guide (JSIG) requirements. The ISSO works closely with the Information System Security Manager (ISSM), system owners, administrators, and program management to implement, maintain, and continuously improve the security of systems throughout their lifecycle. Company Intro/About Us: GE Aerospace is a world-leading provider of jet engines, components, and integrated systems for commercial and military aircraft. At GE Aerospace, we are dedicated to pushing the boundaries of aviation technology to create a safer, more efficient, and sustainable future. Working here means being part of a team that values innovation, collaboration, and continuous improvement. Site, Business, OR Functional Area Overview: Our cybersecurity team at the Evendale, OH site is committed to protecting our information systems and ensuring compliance with security policies. We foster a culture of inclusivity and innovation, where diverse perspectives are celebrated. We are committed to Diversity, Equity, Inclusion, and Belonging (DEIB) and offer comprehensive employee benefits, including health insurance, retirement plans, and professional development opportunities. Role Overview: As an Information Systems Security Officer (ISSO), you will ensure that we keep an inspection ready security posture in accordance with JSIG and NIST SP 800-53 controls. This position is primarily on-site. You will ensure systems are operated, maintained, and disposed of in accordance with security policies and procedures as outlined in the SSP. Implement, maintain, and document security controls on classified information systems in accordance with Risk Management Framework (RMF) and JSIG guidance. Support development, update, and maintenance of security authorization packages (e.g., SSP, SCTM, POA&M, Continuous Monitoring (ConMon) plans) to achieve and sustain Authorization to Operate (ATO) or equivalent approvals under JSIG. Perform and document periodic security reviews, system self-inspections, configuration audits, and vulnerability scans; track and remediate findings within required timelines. Oversee day-to-day security operations for assigned systems, including account management, audit log review, incident tracking, media protection, and secure configuration management. Evaluate proposed system changes (hardware, software, firmware, network architecture) for security impact and advise the ISSM and system owner on JSIG and RMF implications. Participate in internal and external security assessments, inspections, and program reviews; coordinate responses and corrective action plans for identified issues. Assist in investigation, reporting, and resolution of cybersecurity incidents, including containment, eradication, recovery, and implementation of lessons learned. Ensure that system documentation, baselines, and authorization artifacts remain current and accurately reflect the operational environment and JSIG-driven controls. Provide security guidance to system administrators and engineers, including application of DISA STIGs/SRGs and hardening requirements for Windows, Linux, network, and virtualization platforms. Support and promote security education, training, and awareness activities for users and administrators, with emphasis on SAP and JSIG-specific requirements. The Ideal Candidate: The ideal candidate is a dedicated and knowledgeable ISSO with a passion for security and compliance. They thrive in a collaborative environment and are committed to delivering high-quality work.

Requirements

U.S. citizen with an active Secret security clearance; eligibility for SCI and/or SAP indoctrination as required by the program.
Bachelor’s degree from an accredited college or university (or a High School Diploma/GED with 4 years relevant experience)
Typically, 3–5+ years of experience in cybersecurity, information assurance, or system security engineering supporting DoD and/or Intelligence Community programs.
Hands-on experience implementing and assessing security controls under RMF using NIST security and privacy controls (e.g., NIST SP 800-53).
Direct experience supporting JSIG-based authorizations or working within SAP/SCI or similarly controlled environments.
DoD 8570.01-M compliant IAT Level II or IAM Level II/III certification (e.g., Security+, CISSP, CISM, CAP) or the ability to obtain within 6 months of hire.
Strong understanding of operating system and network security, including firewalls, endpoint protection, SIEM, and vulnerability management tools.
Demonstrated ability to interpret and apply cybersecurity policy and technical guidance, produce clear documentation, and communicate effectively with both technical and non-technical stakeholders.

Nice To Haves

Experience obtaining and maintaining ATOs for systems governed by JSIG and ICD 503 (or similar IC/DoD processes).
Experience supporting or integrating multiple classification levels, cross domain solutions, and assured file transfer mechanisms consistent with JSIG guidance.
Strong problem-solving skills, attention to detail, and a bias for action in meeting security and compliance timelines.
Ability to build collaborative relationships with ISSM, program management, engineering, and operations teams.
Demonstrated commitment to continuous improvement, standard work, and disciplined execution in support of safety, quality, delivery, and cost outcomes.
Ability to coordinate several projects simultaneously.

Responsibilities

Ensure systems are operated, maintained, and disposed of in accordance with security policies and procedures as outlined in the SSP.
Implement, maintain, and document security controls on classified information systems in accordance with Risk Management Framework (RMF) and JSIG guidance.
Support development, update, and maintenance of security authorization packages (e.g., SSP, SCTM, POA&M, Continuous Monitoring (ConMon) plans) to achieve and sustain Authorization to Operate (ATO) or equivalent approvals under JSIG.
Perform and document periodic security reviews, system self-inspections, configuration audits, and vulnerability scans; track and remediate findings within required timelines.
Oversee day-to-day security operations for assigned systems, including account management, audit log review, incident tracking, media protection, and secure configuration management.
Evaluate proposed system changes (hardware, software, firmware, network architecture) for security impact and advise the ISSM and system owner on JSIG and RMF implications.
Participate in internal and external security assessments, inspections, and program reviews; coordinate responses and corrective action plans for identified issues.
Assist in investigation, reporting, and resolution of cybersecurity incidents, including containment, eradication, recovery, and implementation of lessons learned.
Ensure that system documentation, baselines, and authorization artifacts remain current and accurately reflect the operational environment and JSIG-driven controls.
Provide security guidance to system administrators and engineers, including application of DISA STIGs/SRGs and hardening requirements for Windows, Linux, network, and virtualization platforms.
Support and promote security education, training, and awareness activities for users and administrators, with emphasis on SAP and JSIG-specific requirements.

Benefits

comprehensive employee benefits, including health insurance, retirement plans, and professional development opportunities
GE Aerospace offers a great work environment, professional development, challenging careers, and competitive compensation.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume