Senior Information System Security Officer (ISSO)

AnaVation•Washington, DC

1d•Onsite

About The Position

AnaVation is seeking an experienced Senior Information System Security Officer (ISSO) to support a mission-critical cybersecurity initiative. This senior-level role is designed for candidates with expert knowledge of RMF and NIST frameworks, who are prepared to lead complex Authorization to Operate (ATO) efforts, manage high-value systems, and mentor junior security staff. The selected candidate will play a crucial role in protecting cloud-based, high-impact, and classified systems across the federal enterprise. AnaVation provides unmatched value to its customers and employees through innovative solutions and an engaging culture, focusing on solving complex technical challenges for collection and processing in the U.S. Federal Intelligence Community.

Requirements

Bachelor’s degree in Cybersecurity, Information Technology, or a related field.
6 years of experience in cybersecurity.
Minimum of six (6) years of hands-on experience in cybersecurity, with at least three (3) years supporting and maintaining system authorizations for complex systems (e.g., cloud, mission-critical, high-impact, or High Value Asset systems).
Demonstrated expertise in the Risk Management Framework (RMF), NIST SP 800-53 Rev 5, and related federal cybersecurity policies.
Extensive experience managing ATO/ATT processes, security control assessments, POA&M lifecycle, vulnerability management, and audit response.
Strong leadership experience mentoring junior and mid-level ISSOs and interfacing with senior government leadership.
Must possess at least two of the following active certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Governance, Risk and Compliance (CGRC), Certified in Risk and Information Systems Control (CRISC), Information Systems Security Management Professional (ISSMP), Certified Information Systems Auditor (CISA), Certified Cloud Security Professional (CCSP), Certified Ethical Hacker (CEH), CompTIA Security+.
Proficiency in tools such as JCAM, Tenable Nessus, and Splunk.
Ability to develop, review, and present high-level security documentation and briefings.
Strong understanding of cloud platforms (IaaS, PaaS, SaaS), supply chain risk management, and incident response procedures.
Ability to obtain Public Trust clearance; Secret clearance strongly preferred.

Nice To Haves

Familiarity with AI concepts, including how AI tools may impact cybersecurity, privacy, and compliance

Responsibilities

Support the maintenance of security documentation and support system ATO and ATT efforts.
Conduct security control assessments and provide recommendations for remediation.
Perform biweekly audit log and vulnerability scan reviews and track POA&M items.
Collaborate with system owners and technical teams to manage risk and respond to incident.
Support Ongoing Authorization (OA) and continuous monitoring activities.
Prepare and brief senior leadership on system security posture and compliance metric.
Ensure alignment with cybersecurity policies and NIST SP 800-53, 800-37, and 800-137.