Senior Information System Security Officer – Isso

Senior Information System Security Officer – Isso

Requirements

• Bachelor’s degree in Cybersecurity, Information Technology, or a related field (or a minimum of six (6) years of hands-on relevant experience in lieu of a degree)
• Minimum of six (6) years of hands-on experience in cybersecurity
• Expert knowledge of Governance Risk and Compliance
• At least three (3) years supporting and maintaining system authorizations for complex systems (e.g., cloud, mission-critical, high-impact, or High Value Asset systems)
• Demonstrated expertise in the Risk Management Framework (RMF), NIST SP 800-53 Rev 5, and related federal cybersecurity policies
• Extensive experience managing ATO/ATT processes, security control assessments, POA&M lifecycle, vulnerability management, and audit response
• Strong leadership experience mentoring junior and mid-level ISSOs and interfacing with senior government leadership
• Must possess at least two of the following active certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Governance, Risk and Compliance (CGRC), Certified in Risk and Information Systems Control (CRISC), Information Systems Security Management Professional (ISSMP), Certified Information Systems Auditor (CISA), Certified Cloud Security Professional (CCSP), Certified Ethical Hacker (CEH), CompTIA Security+, Project Management Professional (PMP)
• Proficiency in tools such as JCAM, Tenable Nessus, BigFix and Splunk
• Ability to develop, review, and present high-level security documentation and briefings
• Strong understanding of cloud platforms (IaaS, PaaS, SaaS), supply chain risk management, and incident response procedures
• Proficient knowledge in network defense
• Ability to obtain Public Trust clearance; Secret clearance strongly preferred.

Responsibilities

• Support the maintenance of security documentation and support system ATO and ATT efforts
• Conduct security control assessments and provide recommendations for remediation
• Perform biweekly audit log and vulnerability scan reviews and track POA&M items
• Collaborate with system owners and technical teams to manage risk and respond to incident
• Support Ongoing Authorization (OA) and continuous monitoring activities
• Prepare and brief senior leadership on system security posture and compliance metric
• Ensure alignment with cybersecurity policies and NIST SP 800-53, 800-37, and 800-137.

Preferred Qualifications

No preferred qualifications provided.