
Project Overview The ISSO will be responsible for supporting CLIENTS information security program, with a focus on risk management, security compliance, system authorization, and continuous monitoring. The role requires close coordination with CISO, IT, security teams, auditors, and business stakeholders.
Scope of Work Staff Augmentation: Provide qualified ISSO with relevant qualifications and experience, with on-site presence required.
Project Duration: 1 year.
Key Responsibilities:
• Support the Risk Management Framework (RMF) processes and system authorization lifecycle
• Experience with GRC platforms (ServiceNow GRC)
• Create systems baseline using NIST 800-53 security controls.
• Develop, review, and maintain security documentation (SSPs, POA&Ms, Policies and procedures, etc.)
• Perform security control assessments and validation activities
• Ensure compliance with NIST, ISO 27001, PCI, TSA and applicable regulatory frameworks
• Conduct vulnerability assessments and track remediation efforts through risk registry.
• Work with system owners to identify, document, and mitigate risks
• Monitor systems for compliance with security baselines and policies
• Support audit readiness and respond to audit findings
• Coordinate incident response activities and ensure proper reporting
• Provide security guidance and awareness to stakeholders
• Prepare and deliver regular status and risk reports
• Collaborate with cross-functional teams to strengthen security posture
Qualifications
• Proven experience as an Information System Security Officer (ISSO) or similar cybersecurity role
• Strong knowledge of NIST RMF (CSF, 800-53) and related standards
• Experience with security compliance frameworks NIST CSF 2.0, NIST 800-53 and NIST SP 800-161
• Familiarity with vulnerability management tools and security assessment methodologies
• Knowledge of cloud security (Azure, AWS, or Google Cloud Platform) is a plus
• Strong understanding of network, application, and data security principles
• Relevant certifications preferred (e.g., CISSP, CISM, CISA, Security+)
• Excellent analytical, documentation, and communication skills
• Ability to work effectively with both technical and non-technical stakeholders 5. Proposal Requirements
• Vendors must submit the following as part of their proposal:
• Up-to-date Resumes: Detailed resumes of the proposed two ISSO candidates