Execute and maintain all RMF lifecycle activities for assigned federal information systems: categorization, control selection, implementation, assessment, authorization, and continuous monitoring
Develop, maintain, and update system security documentation including System Security Plans (SSPs), Security Assessment Reports (SARs), Plans of Action and Milestones (POA&Ms), and Authorization to Operate (ATO) packages
Coordinate with Information System Owners (ISOs), Authorizing Officials (AOs), and Security Control Assessors (SCAs) to drive ATO decisions on schedule
Monitor security controls on an ongoing basis; identify, document, and track deviations and vulnerabilities to closure
Conduct and support continuous monitoring activities including log review, vulnerability scan analysis, and configuration compliance validation
Support incident response activities including documentation, escalation, and remediation tracking
Maintain system inventory, hardware/software baselines, and interconnection agreements
Ensure compliance with applicable federal directives including FISMA, OMB A-130, and agency-specific security policies
Participate in security reviews, audits, and inspections as required

1-3 years of direct ISSO or ISSO-support experience in a US Federal environment
Hands-on experience with NIST RMF (SP 800-37) and NIST SP 800-53 security controls
Demonstrated ability to develop and maintain ATO documentation packages independently
Familiarity with federal compliance tools such as eMASS, Xacta, or equivalent GRC platforms
Strong written communication skills; federal documentation standards experience required

Information System Security Officer

Key skills