Information System Security Officer

Job Description: Information System Security Officer (ISSO) III

Location: Philadelphia, PA

Position Overview

The ISSO III supports the ISSM in executing responsibilities for Navy IT systems, ensuring

compliance with Navy, DoD, and federal cybersecurity policies. This role involves

maintaining Plans of Actions and Milestones (POA&Ms), tracking vulnerabilities,

coordinating security control testing, and updating system security documentation. The

ISSO III ensures security plans are executed and that risk management activities are aligned

with RMF requirements.

Key Responsibilities

 Support the ISSM in executing duties and ensuring compliance with NAVSEA, DoN, and

DoD cybersecurity policies.

 Ensure cybersecurity policy and procedural documentation is current, accessible, and

properly maintained.

 Coordinate cybersecurity processes and activities for assigned systems.

 Maintain and report Assessment Only (AO) and Assessment & Authorization (A&A)

status to Program Managers, ISSMs, and system owners.

 Oversee and maintain Security Plans for assigned systems throughout their lifecycle.

 Manage and maintain POA&Ms, ensuring vulnerabilities are tracked, mitigated, and

remediated when possible.

 Assist with identifying applicable security control baselines and overlays for Navy

systems.

 Coordinate with Navy Qualified Validators (NQVs) to validate security controls.

 Conduct and participate in security control testing during Risk Assessments and Annual

Security Reviews.

 Register and maintain systems in Enterprise Mission Assurance Support Service

(eMASS).

 Support continuous monitoring requirements, including review of data and updating

system security documentation.

 Correlate findings from vulnerability assessments, penetration testing, and inspections

to RMF controls for comprehensive risk tracking.

 Maintain vulnerability data in Vulnerability Remediation Asset Manager (VRAM).

 Participate in change control and configuration management processes.

Required Qualifications

**Education:** Bachelor’s degree in Computer Science, Information Technology,

Communications Systems Management, or a STEM-related field.

**Experience:**

- Six (6) years of experience coordinating and enacting required security changes within

organizations.

- Experience ensuring compliance with published cybersecurity policies and conducting

vulnerability and threat analysis.

- Background in supporting incident response, investigations, and security reporting

activities.

**Certification:** Baseline certification as outlined in the Cybersecurity Workforce (CSWF)

requirements table (required at time of proposal submittal).

Desired Skills

 Strong understanding of RMF processes, A&A requirements, and Navy cybersecurity

compliance.

 Hands-on experience with eMASS, ACAS, VRAM, and related DoD/Navy cybersecurity

tools.

 Ability to coordinate and communicate effectively with multiple cybersecurity

stakeholders.

 Demonstrated ability to manage POA&Ms and conduct vulnerability management.

 Skilled at preparing technical documentation, reports, and status updates for

leadership.

Job Type: Full-time

Pay: From $1.00 per hour

Experience:

• conducting vulnerability and threat analysis.: 1 year (Required)
• supporting incident response, investigations,: 1 year (Required)
• coordinating and enacting required security changes: 6 years (Required)
• compliance with published cybersecurity policies: 5 years (Required)

Security clearance:

• Secret (Required)

Work Location: In person