Isso

About The Position

Requirements

• Bachelors and nine (9) years or more experience; Masters and seven (7) years or more experience; PhD or JD and four (4) years or more experience. (Education can be substituted for experience in lieu of degree.)
• Active Top Secret/SCI with Polygraph.
• DoD 8570 IAT Level II or higher (Security+ CE, CASP+ CE, CISSP, etc.).
• 7+ years of Information Security experience.
• Demonstrated experience implementing the RMF process, applying NIST 800‑53 controls, and developing/maintaining certification and accreditation documentation.
• Experience with ICD‑503 RMF implementation within the Intelligence Community.
• Strong ability to interpret technical documentation and assess alignment with policy, process, and security requirements.
• Excellent written and verbal communication skills, with the ability to translate technical findings into clear, actionable guidance for customers and stakeholders.

Nice To Haves

• Preferrable as an ISSO, ISSE, or DAOR.
• Prior experience supporting cybersecurity operations or compliance within the IC.

Responsibilities

• Provide cybersecurity oversight and governance for new and existing customer systems leveraging the enterprise Software Platform to meet mission needs across multiple customer sets.
• Ensure full adherence to ICD‑503, NIST RMF, and customer‑specific directives and policies throughout the lifecycle (RMF Steps 1–6) of customer‑sponsored information systems.
• Support cloud‑based and on‑premise systems in maintaining compliance with all Federal and Agency cybersecurity requirements.
• Monitor, detect, and report cybersecurity risks, vulnerabilities, and threats; coordinate mitigation activities with technical teams and stakeholders.
• Collaborate closely with technical teams, customer leadership, developers, and other security personnel to ensure secure system design, implementation, and operation.
• Analyze technical and non‑technical data/metadata to identify abnormal patterns, determine root causes, and support incident response or corrective actions.
• Provide formal risk recommendations and security impact assessments as part of the Authority to Operate (ATO) process.
• Manage and track Plans of Action and Milestones (POA&Ms), coordinating with ISSOs, ISSEs, ISSMs, SCAs, and system owners to ensure timely remediation.
• Review and validate new asset requests, ensuring proper sponsorship, system owner identification, and alignment with customer governance processes.
• Facilitate System Review Team activities to confirm correct regulatory assignments, data types, C‑I‑A impact levels, and overlay selections for customer‑sponsored assets.
• Assign and validate security controls; document control implementations and identify control gaps or required liens during accreditor reviews.
• Ensure systems maintain compliance with customer-defined Continuous Monitoring requirements (RMF Step 6), including reporting, scanning, and documentation updates.
• Provide ongoing, ad‑hoc authorization and security compliance support to both customer and program teams.