Senior Information System Security Officer (ISSO)

About The Position

Requirements

• Experience supporting authorization, compliance, continuous monitoring, and risk management activities across assigned systems.
• Experience developing, implementing, reviewing, and maintaining IT security controls in accordance with NIST SP 800-53, RMF, and agency security policies.
• Experience supporting the preparation, review, and submission of Security Authorization packages, including SSPs, SARs, POA&Ms, SIAs, and related authorization artifacts.
• Experience coordinating and preparing systems for Security Control Assessments (SCAs).
• Experience conducting and documenting Security Impact Analyses (SIAs).
• Experience participating in configuration and change control processes.
• Experience assisting in system categorization activities and validation of asset inventories.
• Experience assessing security control implementation effectiveness and identifying deficiencies.
• Experience supporting Risk Acceptance activities, POA&M tracking, remediation coordination, and audit response efforts.
• Experience supporting continuous monitoring activities.
• Experience coordinating with system owners, engineers, and security stakeholders.
• Experience participating in governance activities including standards reviews, exception handling, control updates, and policy compliance activities.
• Experience contributing to development and maintenance of security policies, procedures, technical documentation, status reports, dashboards, and risk briefings.
• Experience supporting maintenance of reporting artifacts, compliance metrics, workflow tracking, and collaboration sites using SharePoint, PowerBI, and related tools.
• Experience supporting the Lead ISSO in execution of operational, compliance, and stakeholder coordination activities.
• Familiarity with NIST RMF, NIST SP 800-53, FISMA, and agency cybersecurity requirements.

Responsibilities

• Support system security authorization and continuous monitoring activities for assigned systems.
• Develop, implement, review, and maintain IT security controls in accordance with NIST SP 800-53, RMF, and agency security policies.
• Support the preparation, review, and submission of Security Authorization packages, including SSPs, SARs, POA&Ms, SIAs, and related authorization artifacts.
• Coordinate and prepare systems for Security Control Assessments (SCAs), ensuring documentation, evidence, and artifacts are accurate and complete.
• Conduct and document Security Impact Analyses (SIAs) for changes to hardware, software, cloud infrastructure, or connectivity.
• Participate in configuration and change control processes to ensure secure baselines are maintained and accurately reflected in system documentation.
• Assist in system categorization activities and validation of asset inventories to ensure appropriate control baselines are applied.
• Assess security control implementation effectiveness and identify deficiencies requiring remediation or risk acceptance.
• Support Risk Acceptance activities, POA&M tracking, remediation coordination, and audit response efforts.
• Support continuous monitoring activities by reviewing system changes, compliance evidence, and authorization-related activities to maintain ongoing compliance.
• Coordinate with system owners, engineers, and security stakeholders to support remediation and compliance activities.
• Participate in governance activities including standards reviews, exception handling, control updates, and policy compliance activities.
• Contribute to development and maintenance of security policies, procedures, technical documentation, status reports, dashboards, and risk briefings.
• Support maintenance of reporting artifacts, compliance metrics, workflow tracking, and collaboration sites using SharePoint, PowerBI, and related tools.
• Support the Lead ISSO in execution of operational, compliance, and stakeholder coordination activities.
• Ensure assigned activities align with NIST RMF, NIST SP 800-53, FISMA, and agency cybersecurity requirements.