Information System Security Officer

DDC Innovation & Growth is seeking a part-time Information System Security Officer (ISSO) to support the United States Court of Appeals for the Armed Forces (USCAAF) in Washington DC. This position requires on-site support and offers an opportunity to lead cybersecurity and risk management efforts in alignment with Department of Defense (DoD) and Federal regulations.

The ISSO will provide comprehensive cybersecurity oversight ensuring the confidentiality integrity and availability of USCAAFs information systems throughout their lifecycle.

*This position is contingent upon contract award.*

Cybersecurity & Risk Management Framework (RMF)

• Manage the full RMF lifecycle per DoDI 8510.01 including the use of Enterprise Mission Assurance Support Service (eMASS) for all A&A documentation.
• Prepare submit and maintain complete system authorization packages to achieve and maintain Approval to Operate (ATO) status.

Technology Vetting

• Develop and enforce a technology review process for all new software hardware and cloud services.
• Validate compliance with the DoD Approved Products List (APL) and assess potential cybersecurity risks prior to implementation.

Configuration & System Hardening

• Maintain and document the authorized hardware/software baselines.
• Participate in the Configuration Control Board (CCB) and ensure all changes are properly vetted tested and approved.
• Implement and maintain configurations per DISA STIGs and Security Requirements Guides (SRGs).

Continuous Monitoring & Vulnerability Management

• Conduct vulnerability scanning and compliance monitoring using tools such as ACAS.
• Perform hands-on remediation via patching scripting and configuration updates within established compliance timelines.
• Manage and track Plans of Action and Milestones (POA&Ms) throughout their lifecycle.

Risk Acceptance & Reporting

• Develop formal risk acceptance packages for vulnerabilities that cannot be remediated immediately including justifications and compensating controls.
• Maintain continuous communication with government leadership regarding cybersecurity posture risk and compliance metrics.

Audit Incident Response & Contingency Planning

• Maintain and review system audit logs per DoD requirements.
• Support cybersecurity incident response activities and coordinate with DoD Cyber Incident Response teams as required.
• Develop maintain and annually test the System Contingency Plan (NIST SP 800-34) documenting outcomes and lessons learned.

• Active DoD Secret clearance (or ability to obtain and maintain one).
• DoD 8570/8140 IAM Level II or III certification (e.g. CAP CASP CISSP CISM).
• Bachelors degree in Cybersecurity Information Systems Computer Science or a related discipline (or equivalent experience).
• 5 years of cybersecurity or ISSO experience supporting DoD or Federal programs.
• Proven experience managing RMF processes and using eMASS for A&A documentation.
• Familiarity with DISA STIGs NIST SP 800-series DoDI 8510.01 and ACAS tools.
• Strong understanding of configuration management vulnerability management and incident response procedures.

Preferred Qualifications

• Experience supporting judicial or defense organizations.
• Strong written communication skills and ability to prepare formal cybersecurity documentation.

Position Details

• Location: On-site Washington DC
• Schedule: Part-time
• Clearance: Secret (Active or Interim acceptable)

Diné Development Corporation (DDC) is a Navajo Nation owned family of companies that delivers IT professional and environmental solutions to advance the missions of federal state and tribal government agencies. As thought leaders and innovators our team of specialists build client-centric solutions that solve critical challenges faced by defense civilian and healthcare organizations. Employing a mission-focused approach we deliver value that not only enhances current operations but also drives future change. Closely aligned with this approach is our commitment to advancing the Navajo Nation and its People. Through economic development and community empowerment we elevate the Navajo Nation to provide lasting impact and sustainable growth for future generations. DDCs ability to unite legacy-inspired technologies industry best practices and proven methodologies has contributed to our success for twenty years.

This contractor and subcontractor shall abide by the requirements of 41 CFR 60-1.4(a) 60-300.5(a) and 60-741.5(a). These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities and prohibit discrimination against all individuals based on their race color religion sex sexual orientation gender identity national origin or for inquiring about discussing or disclosing information about compensation or any other basis prohibited by law. We participate in E-Verify.