Systems Security Officer (ISSO)

ASRC Federal, Washington, DC
Hybrid

About The Position

ASRC Federal Technology Solutions is looking for an experienced Information Systems Security Officer (ISSO) responsible for ensuring the confidentiality, integrity, and availability of information systems by implementing and maintaining security controls in compliance with organizational policies, federal regulations, and industry standards. The ISSO serves as a key member of a small cybersecurity team and must be independently motivated to ensure the protection of key systems while working closely with the client to maintain expectations. The ISSO is responsible for overseeing the security posture of assigned systems, conducting risk assessments, and ensuring compliance with frameworks such as NIST, FISMA, and FedRAMP. Hybrid work schedule (onsite 3 days a week, Washington, DC).

Requirements

  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent experience).
  • 8 years of experience in cybersecurity, information assurance, or a related field.
  • Experience with security frameworks such as NIST 800-53, FISMA, and FedRAMP.
  • Prior experience as an ISSO supporting system security authorization processes.
  • Ability to obtain a DOE Q Clearance (TS Equivalent).

Nice To Haves

  • CISSP, CISA, CISM, CompTIA Security+, CAP, or other relevant cybersecurity certifications.

Responsibilities

  • Developing, implementing, and maintaining System Security Plans (SSPs) for assigned information system(s).
  • Monitoring and evaluating system security controls on a daily/weekly/monthly frequency to ensure ongoing compliance with organizational and regulatory requirements.
  • Conducting regular security assessments, evaluating vulnerability scans, and monitoring audits to identify and mitigate risks.
  • Applying NIST SP 800-53, Security and Privacy Controls for Information Systems and Organizations.
  • Working closely with technical staff to explain and interpret NIST security controls to address both obvious and interpreted control requirements.
  • Coordinating with system owners and stakeholders to address security vulnerabilities and implement corrective actions.
  • Briefing leadership on ongoing system risk posture.
  • Maintaining the Plan of Action and Milestones (POA&M) to track and resolve security weaknesses.
  • Responding to compliance reporting requirements for system performance.
  • Ensuring systems comply with federal regulations (e.g., FISMA, FedRAMP) and organizational policies.
  • Preparing and submitting security documentation, including Authorization to Operate (ATO) and Authorization to Test (ATT) packages, to authorizing officials.
  • Providing ongoing reports on system security status, incidents, and compliance to leadership and auditors.
  • Escalating concerns before deadlines are missed or the risk posture changes significantly.
  • Supporting incident response activities, including identification, containment, and remediation of security incidents.
  • Documenting and reporting security incidents in accordance with organizational incident response plans.
  • Participating in tabletop exercises and post-incident reviews to improve security processes.