Sr. Information Systems Security Officer (ISSO)

Tyto Athene, LLC•Washington, DC

About The Position

Tyto Athene is seeking a Sr. Information Systems Security Officer (ISSO) to support a federal customer on an Information Security program to serve as an ISSO and Task Lead. This role involves leading, mentoring, and supervising a team of security professionals responsible for the end-to-end implementation of the RMF lifecycle for customer's IT systems. The ISSO will oversee and coordinate activities within the Prepare step, guide system categorization, direct the selection and documentation of security controls, and oversee the implementation of technical, operational, and management controls. Additionally, the role ensures comprehensive security control assessments are conducted, prepares risk management documentation, directs ongoing monitoring and continuous assessment activities, fosters security awareness, and maintains up-to-date knowledge of RMF, NIST guidance, and industry best practices.

Requirements

15 years of experience in IT security, with a focus on federal IT compliance.
Minimum of 9 years of work experience in a computer science or Cybersecurity related field.
7 years’ experience serving as an Information Systems Security Officer (ISSO) or Information System Security Engineer at a cleared facility.
One of more of the following certifications: CISSP; GISP; CASP (SecurityX); CISM; GSLC
Familiarity with the use and operation of security tools including Tenable Nessus and/or Security Center, Splunk, IBM Guardium, HP WebInspect, Network Mapper (NMAP), and/or similar applications
Experience supporting programs that operate hundreds of low-, moderate-, and high-impact on-premises and cloud (Azure/AWS) systems across unclassified and classified environments.
Proven ability to communicate effectively with senior leadership and across diverse teams, acting as both a leader and collaborator.
Active Top Secret clearance with SCI eligibility

Nice To Haves

Bachelor’s and/or advanced degree in computer science, business management, or IT related discipline is preferred.
Experience in cybersecurity engineering, including encryption, multi-factor authentication, centralized logging, and other key risk management capabilities.
Experience with DOJ, DHS, or similar federal agencies

Responsibilities

Lead, mentor, and supervise a team of security professionals responsible for the end-to-end implementation of the RMF lifecycle for customer's IT systems.
Oversee and coordinate activities within the Prepare step, ensuring roles, responsibilities, and risk management strategies are clearly defined and maintained.
Guide system categorization efforts to ensure all information systems are appropriately classified based on mission/business impact and regulatory requirements.
Direct the selection, tailoring, and documentation of security controls aligned with system categorizations, Bureau risk appetite, and compliance requirements.
Oversee the implementation of technical, operational, and management controls throughout system and application lifecycles, with a particular focus on quality and completeness of all deliverables.
Ensure comprehensive security control assessments are planned, executed, and documented to validate the effectiveness of implemented safeguards.
Prepare risk management documentation for system authorization and executive decision making.
Direct ongoing monitoring and continuous assessment activities, collecting metrics to adjust security strategies and ensure sustained compliance.
Foster a culture of security awareness, providing technical guidance and training to both team members and stakeholders.
Maintain up-to-date knowledge of RMF, NIST guidance, and industry best practices in support of continuous process improvement.