[Contingent] Senior Information Security Analyst (ISSO)

Phia LLC, Fairfax, VA, US
Hybrid

About The Position

This position is in support of a current government proposal and employment is contingent upon contract award. Phia is seeking an experienced Senior Information Security Analyst (ISSO) to provide dedicated ISSO support for a federal client's information systems. This role is responsible for developing, maintaining, and assessing Security Assessment & Authorization (SA&A) packages and supporting the ongoing security and compliance posture of federal IT systems. You will serve as the primary ISSO for assigned federal information systems, managing the full SA&A documentation lifecycle, coordinating with system owners to maintain continuous compliance, and ensuring security artifacts accurately reflect the current state of each system you support.

Requirements

  • ISSO: You have served as an ISSO in practice: you own your systems' security posture, understand their boundaries, and keep their SA&A packages current.
  • Documentation Expert: You produce SSPP, SAR, POA&M, IRP, CP, and CMP documentation that is accurate, complete, and government-ready without extensive rework.
  • Privacy-Aware: You recognize when a system triggers PII documentation requirements and know how to coordinate IPA and PIA processes with privacy officials.
  • Continuous Monitoring Practitioner: You understand federal ISCM strategies and can implement system-level monitoring plans that supplement agency requirements.
  • Organized: You manage multiple systems simultaneously, tracking authorization status, POA&M items, and upcoming assessment milestones across your portfolio.
  • Federal-Fluent: You have worked within a federal environment and understand FISMA, the Privacy Act, OMB A-130, and the practical realities of the government authorization process.
  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field
  • 7+ years of cybersecurity expertise
  • 6+ years developing, maintaining, and assessing SA&A packages resulting in ATO for federal information systems
  • Minimum one (1) of the following: CISA (ISACA), CRISC (ISACA), CISSP (ISC2), CGRC (ISC2)
  • Public Trust / Suitability clearance required
  • Must be a U.S. Citizen.

Nice To Haves

  • Prior ISSO experience supporting federal agency IT systems
  • Experience using federal authorization management platforms (e.g., JCAM) for package management and status tracking
  • Experience coordinating SORN submissions and PIA reviews with agency privacy officials
  • Experience supporting both on-premises and FedRAMP cloud system authorization packages
  • Familiarity with NIST SP 800-88 Rev. 1 media sanitization procedures
  • Experience with configuration management and change control processes in a federal environment

Responsibilities

  • Serve as the primary ISSO for assigned federal information systems, maintaining comprehensive knowledge of each system's security posture, authorization boundary, and control implementation status.
  • Develop, maintain, and assess Security Assessment & Authorization (SA&A) packages leading to Authority to Operate (ATO): SSPP, SAR, POA&M, IRP, CP, CMP, IPA, PIA, MOU, ISA, and authorization documentation.
  • Coordinate with system owners and operations and maintenance (O&M) staff to ensure ongoing compliance with applicable federal security requirements and standards.
  • Support continuous monitoring activities: track control assessment schedules, review and update authorization packages based on system and environment changes, and report security posture to the Authorizing Official.
  • Develop and maintain Incident Response Plans and Procedures; coordinate with the client security operations center when security incidents are identified.
  • Prepare and maintain Contingency Plans (CP) and Configuration Management Plans (CMP) per applicable NIST standards.
  • Coordinate privacy documentation with records management and privacy officials: IPA, PIA, and SORN for systems processing PII.
  • Develop and track Plans of Action and Milestones (POA&M) for all identified security and privacy control weaknesses; ensure POA&Ms are accurate and do not improperly defer legally required controls.
  • Support annual FISMA and FISCAM audit activities: gather evidence, respond to auditor requests, and coordinate corrective actions.
  • Provide regular security posture status reporting on assigned systems.

Benefits

  • Medical Insurance
  • Dental Insurance
  • Vision Insurance
  • Life Insurance
  • Short Term & Long Term Disability
  • 401k Retirement Savings Plan with Company Match
  • Paid Holidays
  • Paid Time Off (PTO)
  • Tuition and Professional Development Assistance