Information System Security Officer, ISSO
Washington, United States of America
Full Time
2 hours ago
No Visa Sponsorship
Key skills
Cyber SecurityLeadershipRisk Management
About this role
Role Overview
- Serve as the primary liaison between the Cybersecurity Group, system owners, ECCP, and information owners on security and risk matters.
- Ensure systems follow security policies, including vulnerability scanning, patching, and configuration management.
- Verify compliance for commercial and open‑source software through OCIO governance processes.
- Support incident reporting and coordination with the SOC.
- Determine system categorization and control selection under the Risk Management Framework.
- Coordinate with stakeholders on ECCP controls and expansion of standard control providers.
- Manage IPAs and PIAs.
- Review security reports and participate in briefings with system owners and leadership.
- Monitor overall security posture and prepare updated Security Posture Reports.
Requirements
- Required Certifications: CISSP or Security +
- Education, Background, and Years of Experience: Bachelor of Science Degree
- 3 -5 years of experience as an ISSO/ISSM
- 3
- 5 years ISSO/ISSM support including
- Maintain the security posture of assigned information systems and ensure compliance with federal security requirements (e.g., NIST, FISMA).
- Support system authorization and accreditation activities, including preparing and maintaining A&A documentation.
- Monitor system security controls and ensure they are implemented, operating, and effective.
- Perform continuous monitoring activities and review security logs, scans, and reports.
- Identify, track, and remediate vulnerabilities in coordination with engineering teams.
- Conduct periodic security assessments and risk analysis.
- Prepare and maintain system security plans, contingency plans, incident response plans, and related artifacts.
- Ensure proper configuration management practices are followed for all system changes.
- Support security incident response activities, including documenting and escalating events.
- Work closely with system owners, developers, and administrators to ensure security is integrated throughout the system lifecycle.
- Communicate security risks and recommendations to stakeholders and leadership.
- Ensure users maintain proper security awareness and follow established policies and procedures.
- Participate in audits and reviews, providing evidence, documentation, and responses as needed.
- Track and report on Plan of Action & Milestones (POA&Ms).
- Ensure compliance with policies related to access control, patch management, and security operations.
Tech Stack
- Cyber Security
Benefits
- Competitive and comprehensive benefits package