Information System Security Officer, Level 3

Information System Security Officer, (ISSO) - Level 3

Position Summary
The Information System Security Officer (ISSO) – Level 3 provides senior-level cybersecurity engineering and compliance support to the Defense Information Systems Agency (DISA) Internet Enterprise (IE) under the CTAS Task Order. This role is responsible for ensuring mission systems achieve and sustain Authorization to Operate (ATO) through implementation of the Risk Management Framework (RMF) and transition from legacy DIACAP requirements. The ISSO – Level 3 acts as both a technical and compliance leader, bridging vulnerability management, STIG/SRG application, and documentation development to create complete and accurate accreditation packages. This position serves as a senior-level resource, providing mentorship to mid-level and junior ISSOs, while interfacing with Government stakeholders, Information System Security Managers (ISSMs), and Authorizing Officials (AOs).

Responsibilities
The ISSO – Level 3 is expected to perform duties that span both hands-on technical tasks and high-level compliance oversight. Core responsibilities include:

• Leading the development, maintenance, and validation of RMF and A&A artifacts, including System Security Plans (SSPs), Security Assessment Reports (SARs), Plans of Action and Milestones (POA&Ms), configuration management records, and testing documentation.
• Implementing and validating compliance with DISA Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs) to maintain technical baselines across supported systems.
• Managing and analyzing results from vulnerability scanning and compliance tools such as ACAS, HBSS, and CMRS, and ensuring timely remediation of findings in accordance with IAVM directives.
• Preparing and submitting comprehensive accreditation packages in eMASS, ensuring accuracy, completeness, and timeliness of submissions to meet contract and PWS requirements.
• Conducting and documenting Security Test and Evaluation (ST&E) activities, ensuring objective assessment of control implementation and risk posture.
• Supporting and preparing for Command Cyber Readiness Inspections (CCRI), Security Assessment Visits (SAV), and Cooperative Vulnerability Penetration Assessments (CVPA) by creating corrective action plans, briefing results, and tracking closure of findings.
• Providing mentorship and guidance to junior ISSOs, ensuring proper interpretation of DoD cybersecurity policy and consistent application of standards across the team.
• Contributing to recurring deliverables such as Policy Compliance Reports, Risk Assessment Reports, and Directorate-level cybersecurity briefings, ensuring all outputs meet QASP Acceptable Quality Levels (AQLs).

Required Qualifications

• Bachelor’s degree in Cybersecurity, Information Technology, or related field.
• Must hold and maintain an appropriate DoD 8140.03 / 8570.01-M certification baseline for this labor category (e.g., Security , CISSP, CISM, or equivalent as required).
• At least 7 years of experience in cybersecurity engineering, RMF/DIACAP accreditation, and compliance documentation in DoD environments.
• Expertise in the application of DISA STIGs/SRGs, ACAS/HBSS vulnerability analysis, and eMASS package preparation.
• Strong written and verbal communication skills, with demonstrated experience producing accreditation documentation and presenting risk findings to senior stakeholders.

Desired Qualifications

• Master’s degree in Cybersecurity or related discipline.
• Experience supporting DISA programs and preparing for CCRI inspections.
• Advanced certifications such as CISSP-ISSAP or CISM.

Clearance Requirement
Active Top Secret / SCI clearance.