ISSO (Top Secret Cleared)

About The Position

Responsibilities

• Lead development, update, and maintenance of AIS authorization packages in accordance with NIST Risk Management Framework (RMF).
• Prepare and manage ATO documentation including: System Security Plan (SSP) Security Assessment Report (SAR) Plan of Action & Milestones (POA&M) Risk Assessment Report (RAR) Continuous Monitoring Strategy Interconnection Security Agreements (ISA) and MOUs/MOAs.
• Ensure systems maintain compliance with FISMA, NIST 800-53, NIST 800-37, and agency-specific security requirements.
• Work with technical teams to implement, document, and validate security controls.
• Perform control assessments, gap analyses, and remediation tracking.
• Coordinate and support internal and external security assessments and audits.
• Review vulnerability scan results and ensure timely remediation.
• Maintain continuous monitoring activities and update authorization artifacts as required.
• Track and manage POA&Ms to closure.
• Monitor system changes and assess security impact through change management processes.
• Serve as liaison between system owners, ISSMs, engineers, auditors, and Authorizing Officials.
• Provide security guidance throughout system development lifecycle (SDLC).
• Support risk decisions and provide security recommendations to leadership.
• Maintain compliance with federal cybersecurity policies and directives.
• Prepare reports and briefings on system security posture and risk status.
• Ensure proper configuration management and documentation control.