Sr. Information System Security Officer

Who We Are: Oasys International, LLC (Oasys) is a rapidly expanding firm that has been recognized on Inc. 5000 magazine's list of the fastest-growing companies for five consecutive years. We are a dynamic organization dedicated to providing world-class technology consulting services through our team of expert technologists, consultants, engineers, and subject matter experts. At Oasys, we prioritize continuous learning, a healthy work-life balance, and a collaborative work environment. Our culture is merit-based, recognizing and rewarding performance and fostering a supportive and social atmosphere.

Position Summary:

Oasys is seeking a Sr. Information System Security Officer to support the United States Coast Guard (USCG) at the Aviation Logistics Center (ALC)-Information Systems Division (ISD). The Sr. Information System Security Officer (ISSO) will provide subject matter expertise in Risk Management Framework (RMF) execution, security control validation, continuous monitoring, and audit readiness to sustain the Authorization to Operate (ATO) lifecycle for mission-critical systems.

The Senior ISSO will play a central role in ensuring systems maintain compliance with federal cybersecurity standards including NIST 800-53, FISMA, and DHS 4300A, and will serve as a key security liaison across development, operations, and governance teams.

Primary Responsibilities:

• Serve as the lead security representative for system RMF lifecycle activities, including control selection, implementation, testing, and documentation.
• Develop, review, and maintain key RMF artifacts such as System Security Plans (SSPs), Security Assessment Reports (SARs), Contingency Plans (CPs), and POA&Ms.
• Ensure systems maintain a valid Authorization to Operate (ATO) through continuous monitoring, vulnerability assessments, and compliance reporting.
• Validate the implementation of security controls and document evidence in Enterprise Mission Assurance Support Service (eMASS).
• Collaborate with cybersecurity engineers, auditors, and control assessors to prepare for internal and external security audits and inspections.
• Analyze and respond to scan results, SIEM alerts, audit logs, change management actions, and potential cybersecurity incidents.
• Support the integration of security into DevSecOps pipelines, ensuring secure configuration management, patching, and container security practices.
• Provide security engineering guidance to development and infrastructure teams in areas such as encryption, access controls, secure protocols, and authentication methods.
• Lead the execution of cybersecurity training, awareness initiatives, and policy compliance briefings for staff and stakeholders.
• Identify, assess, and mitigate risks associated with system design, implementation, and operational posture.
• Provide oversight for managing privacy-related data, insider threat indicators, and incident handling workflows in accordance with federal mandates.
• All other duties as assigned by management.

Skills/Qualifications:

• Advanced understanding of NIST RMF, NIST SP 800-37, 800-53 Rev. 5, DHS 4300A, and FISMA compliance requirements.
• Hands-on experience with SIEM tools, eMASS, vulnerability scanning platforms, and ATO documentation processes.
• Proven ability to develop and maintain ATO documentation and assess control effectiveness across multiple systems.
• Experience implementing cybersecurity best practices in complex hybrid environments (on-premise, virtual, and cloud-based).
• Strong working knowledge of Active Directory, Linux/Windows administration, and secure infrastructure hardening.
• Familiarity with Agile/DevSecOps development cycles and secure code integration principles.
• Excellent analytical, organizational, and communication skills, with an ability to brief senior stakeholders and deliver formal documentation.

Education/Experience Requirements:

• Bachelor's or Associate's degree in Computer Science, Math, Information Technology, Engineering, or related field. Five (5) years of directly relevant experience may substitute for two (2) years of formal education.
• Minimum of six (6) years experience in information security/information assurance.
• Minimum of five (5) years of experience in the risk management framework.
• Hands-on experience with Active Directory, Windows/UNIX systems, and relational databases in secure environments.
• Previous support of federal government enterprise systems or DHS/DOD programs is strongly preferred.

Clearance:

• U.S. citizenship required
• Must have an active DoD Secret Clearance.

Certification Requirement

• IAM (Information Assurance Management) Level II certification required (CompTIA Security , CompTIA CySA, (ISC) SSCP, CCNA Security, GSEC, CND, or CompTIA PenTest )
• Additional certifications (Network , AWS Certified Cloud Practitioner, Microsoft Azure Fundamentals, Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), ITIL Foundation, TOGAF, or other cybersecurity architecture certifications) are a plus.

Work Location:

• Elizabeth City, NC - Hybrid
• North Carolina Region - Must be able to go on-site at least three days a week

Oasys is proud to be an equal opportunity employer for all protected groups, including protected veterans and individuals with disabilities.