What are the responsibilities and job description for the Senior Information System Security Officer (ISSO) position at Delviom LLC?
Job Details
We are seeking a seasoned ISSO with proven expertise in building and reviewing security documentation from scratch, including System Security Plans (SSPs), Security Assessment Reports (SARs), and Continuous Monitoring Plans. The ideal candidate will have hands-on experience with both NIST RMF Rev 4 and Rev 5, including system transitions, and a strong command of control families. The candidate must be adept at handling complex security challenges, maintaining POA&Ms, managing missed timelines, and ensuring end-to-end ATO lifecycle compliance. Additionally, they should be skilled at documenting mitigation strategies, justifying policy exceptions, and supporting risk acceptance decisions to maintain a robust and auditable security posture.
Key Requirements & Responsibilities:
- Hands-on ISSO experience supporting the full lifecycle of the Risk Management Framework (RMF).
- Expertise in NIST RMF (SP 800-37), NIST SP 800-53 (Rev 4 & Rev 5), and CNSSI 1253.
- Knowledge of FS-191, federal directives, and other federal cybersecurity compliance requirements.
- Develop, review, and maintain ATO documentation, including SSPs, POA&Ms, SARs, and continuous monitoring artifacts.
- Support system owners in achieving and maintaining Authorization to Operate (ATO) status.
- Apply Information Assurance (IA) controls and ensure alignment with federal and NIST cybersecurity policies.
- Conduct vulnerability assessments using tools such as ACAS, Nessus, HBSS, and Security Onion.
- Provide expertise in security control implementation, testing, and sustainment.
- Prepare clear, actionable reports and recommendations to strengthen the client's cybersecurity posture.
- Collaborate with internal offices and external stakeholders to reduce risk, improve resilience, and ensure compliance.
- Lead the resolution of complex security challenges, manage missed timelines, and document mitigation strategies.
- Justify policy exceptions and support risk acceptance decisions to maintain a strong and auditable security posture.
- Experience supporting ATO packages in multi-system or enterprise environments.
- Strong problem-solving skills with a proactive approach to risk management.