Information Systems Security Officer (ISSO Lead) (R-00047)

True Zero Technologies, a veteran-owned small business, was founded on the principle that the purposeful enablement of people and technology in an organization directly ties to the quality of its outcomes. True Zero recognizes that said outcomes begin and end with our people, and that is what we have built, a community of like-minded, driven, and passionate individuals and innovators who are aligned in a common goal of delivering top tier services to our customers. In 2023, True Zero was recognized as a “Best Places to Work” in two categories ("Prosperous and Thriving" ($5MM – $50MM in gross revenue) and "Mid-Atlantic Region" (DC, DE, MD, NC, VA, WV)) and in 2022, was recognized as one of Inc. Magazine’s Top 5000 Fastest Growing Companies.

The Information System Security Officer (ISSO) serves as the principal advisor to the Information System Owner (ISO), Business Process Owner, and the Chief Information Security Officer (CISO) / Information System Security Manager (ISSM) on all matters, technical and otherwise, involving the security of their assigned information system(s).

Additionally, this role will support RMF implementation, authorization and accreditation activities, FISMA reporting, security control assessment coordination, and the development and maintenance of cybersecurity policies and procedures. This position calls for a senior cybersecurity assurance professional who can work across system owners, stakeholders, and leadership to strengthen compliance, improve security governance, and support practical implementation of federal security requirements.

• Maintaining the overarching operational security posture and managing the day-to-day security operations of your assigned Information System (IS);
• Developing, reviewing, and maintaining security and authorization documentation to include System Security Plans (SSPs), Risk Assessment Reports, Certification and Accreditation (C&A) packages, and System Requirements Traceability Matrices (SRTMs);
• Performing vulnerability/risk assessment analyses to support assessment and authorization (A&A);
• Ensuring the implementation and maintenance of security controls in accordance with the SSP and the organization's security policies, standards, and procedures;
• Supporting security authorization activities in compliance with National Institute of Standards and Technology Risk Management Framework (NIST RMF).
• Providing configuration management (CM) for IS security software, hardware, and firmware, and leading Change Control Board (CCB) meetings; and,
• Providing guidance and security expertise to program leadership.
• Lead ISSO support activities across assigned systems, projects, or operational areas 
• Support RMF implementation and authorization and accreditation activities for federal systems 
• Support FISMA reporting, data calls, and related compliance deliverables 
• Help maintain system security posture in alignment with federal cybersecurity requirements 
• Review, analyze, and support updates to IT, cybersecurity, and privacy policies and procedures 
• Coordinate with technical teams, system owners, and government personnel on security matters 
• Support risk management, security documentation, and control validation activities 
• Assist with security control assessments, issue tracking, and remediation coordination 
• Support audit response activities and compliance-related reviews 
• Use MITRE ATT&CK to help communicate monitoring and control gaps, support risk discussions, and inform remediation recommendations 
• Provide leadership for ISSO processes, practices, and quality of work products 
• Prepare reports, recommendations, and briefings for leadership and stakeholders 
• Ensure timeliness, accuracy, and completeness of ISSO-related deliverables 

• Experience with and knowledge of Federal DevSecOps frameworks and processes
• Clearance Required-Secret Clearance (Interim)
• Experience with IS accreditors, policies, and procedures to support Authoriy to Operate (ATO)/Authority to Connect (ATC) decision making and operational practices.
• Experience with RMF, NIST SP 800-53, Security Technical Implementation Guides (STIGs), and/or Security Content Automation Protocol (SCAP) Compliance Checker
• Knowledge of and experience leading the A&A process
• Knowledge of IT security principles and methods (e.g., firewalls, demilitarized zones, encryption).
• Experience in preparing detailed SSPs to achieve ATO objectives.
• Knowledge of new and emerging IT and cybersecurity technologies.

Required Certifications

• • CISSP will be a requirement for consideration  

We’re actively searching for talented security and technology practitioners who are ready to experience the True Zero difference. As a True Zero team member, you'll enjoy:

- Competitive salary, paid twice per month

- Best in class medical coverage

- 100% of medical premiums covered by True Zero

- Company wide new business incentive programs

- Contribution Incentives (i.e. white papers, blog posts, internal webinars, etc.)

- 3 weeks of PTO starting 11 Paid Holidays Annually

- 401k Program with 100% company match on the first 4%

- Monthly reimbursement of Cell Phone and Home Internet costs

- Paternity/Maternity Leave

- Investment in training and certifications to broaden and deepen your technical skills