Senior Information Systems Security Officer

Washington, AR - USA

Monthly Salary: Not Disclosed

Posted on: 2 days ago

Vacancies: 1 Vacancy

Job Summary

We are looking for a Senior Information Systems Security Officer (ISSO) to support a critical U.S. government agency in the National Capital Region. This senior-level role is responsible for ensuring the security and compliance of agency information systems by implementing and managing security controls aligned with federal cybersecurity frameworks including the NIST Risk Management Framework (RMF) FISMA and NIST SP 800-53.

Hybrid: 3 Days On-site in Washington DC / 2 Days Remote
Must be able to obtain a government security clearance requiring U.S. Citizenship or Permanent Resident Status

Responsibilities:

Develop implement and maintain IT security controls in accordance with NIST SP 800-53 RMF and agency security policies.
Support the preparation review and submission of Security Authorization packages including the System Security Plan (SSP) Security Assessment Report (SAR) and Plan of Action and Milestones (POA&M).
Coordinate and prepare systems for Security Control Assessments (SCA) ensuring all artifacts are accurate and complete.
Conduct and document Security Impact Analyses (SIAs) for changes to hardware software cloud infrastructure or connectivity.
Participate in configuration and change control processes ensuring secure baselines are maintained and reflected in documentation.
Assist in system categorization and validate asset inventories to ensure appropriate control baselines are applied.
Assess control implementation effectiveness and identify deficiencies for remediation or risk acceptance.
Document business justifications and mitigation strategies for risk acceptance proposals for Authorizing Officials.
Support Continuous Monitoring by reviewing security alerts system changes and compliance evidence to ensure ongoing authorization.
Contribute to the development revision and enforcement of security policies procedures and technical guidelines.
Participate in internal IT governance processes including exception handling standards reviews and control waivers.
Support security awareness and training compliance for personnel with system access.
Monitor evolving threats and recommend adaptive security controls in response to risk landscape changes.
Prepare high-quality technical documentation status reports and risk briefings for internal and external stakeholders.

Required Qualifications:

Bachelors degree and 9 years of IT security or systems security engineering experience or Masters degree with 7 years of experience.
Ability to obtain and maintain a public trust requiring U.S. Citizenship or Permanent Resident Status
Hands-on experience implementing and managing security controls in enterprise or federal IT environments.
Strong understanding of the NIST RMF NIST SP 800-53 FISMA and federal security policies including EO 14028 and OMB M-22-09.
Experience performing risk assessments preparing ATO documentation and tracking control deficiencies in POA&Ms.
Working knowledge of cloud security (AWS Azure GCP) and hybrid environments.
Familiarity with enterprise platforms such as Microsoft 365 Azure AD Cisco and Oracle.
Proficient in network and system security concepts including IDS/IPS VPNs encryption secure baselining and OS hardening.
Experience supporting third-party security assessments or audits.
Strong documentation reporting and communication skills including the ability to convey complex technical issues to non-technical audiences.
Proficient in Microsoft Office (Word Excel PowerPoint SharePoint).

Preferred Qualifications:

Current cybersecurity certification such as CISSP CISM or Security.
Experience with GRC and SA&A tools such as Archer eMASS CSAM or Xacta.
Familiarity with FedRAMP cloud compliance requirements and federal privacy regulations.
Knowledge of OWASP Top 10 and modern application security best practices.
Understanding of adversary TTPs and frameworks such as MITRE ATT&CK.
Ability to work independently and manage priorities in a fast-paced dynamic environment.

We offer:

Competitive salary based on experience
Profit sharing distributed twice a year
15 days ofpaid time off and 10 paid holidays per year
401(k)with employer matching
Healthand dental benefits
Opportunity to work with other talentedtechnical professionals

SharePointXperts is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race color religion sex national origin disability or protected Veteran status.

SharePointXperts participates in the following links for important information about our participation in this program and your rights.

Required Experience:

Senior IC

Develop implement and maintain IT security controls in accordance with NIST SP 800-53 RMF and agency security policies.
Support the preparation review and submission of Security Authorization packages including the System Security Plan (SSP) Security Assessment Report (SAR) and Plan of Action and Milestones (POA&M).
Coordinate and prepare systems for Security Control Assessments (SCA) ensuring all artifacts are accurate and complete.
Conduct and document Security Impact Analyses (SIAs) for changes to hardware software cloud infrastructure or connectivity.
Participate in configuration and change control processes ensuring secure baselines are maintained and reflected in documentation.
Assist in system categorization and validate asset inventories to ensure appropriate control baselines are applied.
Assess control implementation effectiveness and identify deficiencies for remediation or risk acceptance.
Document business justifications and mitigation strategies for risk acceptance proposals for Authorizing Officials.
Support Continuous Monitoring by reviewing security alerts system changes and compliance evidence to ensure ongoing authorization.
Contribute to the development revision and enforcement of security policies procedures and technical guidelines.
Participate in internal IT governance processes including exception handling standards reviews and control waivers.
Support security awareness and training compliance for personnel with system access.
Monitor evolving threats and recommend adaptive security controls in response to risk landscape changes.
Prepare high-quality technical documentation status reports and risk briefings for internal and external stakeholders.

Required Qualifications:

Bachelors degree and 9 years of IT security or systems security engineering experience or Masters degree with 7 years of experience.
Ability to obtain and maintain a public trust requiring U.S. Citizenship or Permanent Resident Status
Hands-on experience implementing and managing security controls in enterprise or federal IT environments.
Strong understanding of the NIST RMF NIST SP 800-53 FISMA and federal security policies including EO 14028 and OMB M-22-09.
Experience performing risk assessments preparing ATO documentation and tracking control deficiencies in POA&Ms.
Working knowledge of cloud security (AWS Azure GCP) and hybrid environments.
Familiarity with enterprise platforms such as Microsoft 365 Azure AD Cisco and Oracle.
Proficient in network and system security concepts including IDS/IPS VPNs encryption secure baselining and OS hardening.
Experience supporting third-party security assessments or audits.
Strong documentation reporting and communication skills including the ability to convey complex technical issues to non-technical audiences.
Proficient in Microsoft Office (Word Excel PowerPoint SharePoint).

Preferred Qualifications:

Current cybersecurity certification such as CISSP CISM or Security.
Experience with GRC and SA&A tools such as Archer eMASS CSAM or Xacta.
Familiarity with FedRAMP cloud compliance requirements and federal privacy regulations.
Knowledge of OWASP Top 10 and modern application security best practices.
Understanding of adversary TTPs and frameworks such as MITRE ATT&CK.
Ability to work independently and manage priorities in a fast-paced dynamic environment.

We offer: