Information System Security Officer (ISSO)

Title: Information System Security Officer (ISSO)

Location: Albuquerque, NM or Las Vegas, NV or Germantown, MD

Must have Top Secret Clearance

Required Skills:

ISSO personnel must have hands-on technical and analytical experience supporting the RMF lifecycle, cybersecurity monitoring, continuous authorization, and security control assessments. They must understand and interpret data from security tools and apply NIST frameworks with precision.

Capabilities include:

Proficiency in NIST SP 800-37, 800-53, 800-60, FIPS 199, CNSSI 1253. Ability to perform risk assessments, system categorization, and control selection. Experience with eGRC tools (e.g., Archer) for documentation, continuous monitoring, and POA&M management. Skills in communicating risk, documenting controls, and supporting both internal and external assessments.

Active TS Clearance 3 years as an ISSO Responsibilities:

Prepare: Support enterprise, mission, and system-level RMF readiness, establish tailored baselines, identify assets, assess risks, and determine system placement in the enterprise architecture. Categorize Information Systems: Perform FIPS 199 categorization, develop SSP subsections, register systems, and ensure early engagement with developers to integrate cybersecurity impact analysis. Select Security Controls: Document, implement, and validate selected controls, incorporating security architecture, privacy requirements, and common control inheritance. Assessment: Develop assessment plans, test controls, produce SARs, document findings, and support POA&M development. Data Calls: Provide timely and accurate evidence and responses using approved tools. Internal & External Assessments: Support audits, collaborate with internal and external partners, and perform self-assessments. Program-Level Documentation Support: Maintain program policies, adjudicate comments, and assess the impact of federal directives and legislation.