Senior Information System Security Officer

About Coalfire

Coalfire Federal is a market leading cybersecurity consultancy firm that provides independent and tailored advice, assessments, technical testing and a full suite of cyber engineering services to Federal agency customers. Coalfire Federal along with its parent company, Coalfire, has an unparalleled client list with deep customer relationships with leading cloud and technology providers including Amazon, Microsoft, IBM, Google, Oracle and Federal agencies. Coalfire has been a cybersecurity thought leader for nearly 20 years and has offices throughout the United States and Europe and is committed to making the world a safer place by solving our clients’ toughest security challenges.

We’re growing rapidly and are currently seeking a Sr ISSO / Senior Information System Security Officer to join our Coalfire Federal team.

Location Details: Hybrid

This is a full time employment position joining our team at a government client site 3 days a week in D.C.

Job Summary

The Senior Information System Security Officer is responsible for overseeing the security posture of information systems and ensuring compliance with frameworks like National Institute of Standards and Technology (NIST). They coordinate risk assessments, continuous monitoring, and security control implementation aligned with standards such as NIST SP 800-53. The role involves advising leadership, supporting accreditation processes (ATO), and responding to security incidents. The SR ISSO will mentor junior staff and acts as a bridge between technical teams, compliance stakeholders, and system owners.

What you'll do

• Assume the role of ISSO for information systems and third-party services identified as High Value Assets (HVA) by the agency;
• Perform technical security impact analysis for all changes to the information system;
• Provide the guidance and oversight necessary to ensure the completeness and accuracy of documentation related to the Primary Responsibility or the Supporting Role assigned to the System Owner, Information Owner or Steward
• Senior ISSOs shall ensure the implementation and maintenance of security controls in accordance with the Security Plan (SP) and Peace Corps policies and procedures.
• Ensure the assigned FISMA systems maintain their ATO through independent security assessment and authorization;
• Review all deliverables and RMF packages for accuracy
• Have oversight responsibility to ensure proper access controls have been implemented and managed;
• Ensure audit logs are reviewed at an agreed upon frequency, where the frequency may increase if warranted by incident or situational awareness. When reviewing logs, some events will require follow-up inquiries to determine if a problem exists, whether corrective action is required, or if there is another explanation.
• Be responsible for conducting assessments of controls for their system to ensure the controls have been implemented properly and are still effective where the risk posture is documented in a system risk assessment report.
• Ensure documents provided to auditors are what was requested and approved for release. Documents provided to auditors should be properly labeled so that the auditor is aware if they contain sensitive information.
• Ensure that new vulnerabilities are evaluated by the respective subject matter expert and corrective action implemented.
• Senior ISSO shall collaborate with the ISSE in conducting security impact assessments on changes to their respective FISMA systems;

What you'll bring

• Hands on experience and strong understanding of FISMA, NIST Risk Management Framework and associated special publications (800-37, 800-53, etc.)
• Management skills
• Interpersonal skills
• Communication, written, verbal
• Leadership skills
• JCAM experience
• Knowledge of cloud technologies and FedRAMP processes

Education

Completed Bachelor’s degree from an accredited university in an IT related field, or equivalent combination of education and experience.

Clearance / Suitability

Ability to obtain a clearance or a Public Trust is preferred, however all clearance levels and non-cleared applicants will also be considered.

Certifications Required

One or more of the following certifications: CISSP, CISA, or GSLC

Years of Experience

At minimum 5 years of hands-on work experience with senior level ISSO duties; performing systems security assessments, preparing system security documentation, and/or performing security upgrades for live networks, desktop systems, servers, and enterprise data bases leading to successful security authorization of such systems.

Bonus Points

• NIST Cybersecurity Framework experience
• Familiarity with AI tools and governance
• Experience with process improvement, documenting procedures and workflow

Why you'll want to join us

Our people make Coalfire Federal great. We work together on interesting things and achieve exceptional results. We act as trusted advisors to our customers and are committed to client-focused innovation as well as innovation in the industries that we serve.

Coalfire offers our people the chance to grow professionally with colleagues they like and respect while tackling challenges that stretch their minds and expand their skill sets. Regardless of location, you’ll experience a company that prioritizes connection and wellbeing and be part of a team where people care about each other and our communities. You’ll have opportunities to join employee resource groups, participate in in-person and virtual events, and more.

You’ll enjoy competitive perks and benefits to support you and your family, like paid parental leave, flexible time off, certification and training reimbursement, digital mental health and wellbeing support memberships, and comprehensive insurance options.

Coalfire is an EEO employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.