ISSO (Top Secret Cleared)

Responsibilities:

• RMF & ATO Package Development
• Lead development update and maintenance of AIS authorization packages in accordance with NIST Risk Management Framework (RMF).
• Prepare and manage ATO documentation including:
• System Security Plan (SSP)
• Security Assessment Report (SAR)
• Plan of Action & Milestones (POA&M)
• Risk Assessment Report (RAR)
• Continuous Monitoring Strategy
• Interconnection Security Agreements (ISA) and MOUs/MOAs.
• Ensure systems maintain compliance with FISMA NIST 800-53 NIST 800-37 and agency-specific security requirements.
• Security Control Implementation & Assessment
• Work with technical teams to implement document and validate security controls.
• Perform control assessments gap analyses and remediation tracking.
• Coordinate and support internal and external security assessments and audits.
• Review vulnerability scan results and ensure timely remediation.
• Continuous Monitoring
• Maintain continuous monitoring activities and update authorization artifacts as required.
• Track and manage POA&Ms to closure.
• Monitor system changes and assess security impact through change management processes.
• Stakeholder Collaboration
• Serve as liaison between system owners ISSMs engineers auditors and Authorizing Officials.
• Provide security guidance throughout system development lifecycle (SDLC).
• Support risk decisions and provide security recommendations to leadership.
• Compliance & Reporting
• Maintain compliance with federal cybersecurity policies and directives.
• Prepare reports and briefings on system security posture and risk status.
• Ensure proper configuration management and documentation control.