ISSO
Fort Meade, Maryland
Onsite
Direct Hire
$140k - $150k
Description
My client is seeking a Information Systems Security Officer (ISSO) to support our cybersecurity team in maintaining and securing classified and unclassified information systems. The ISSO will ensure compliance with all applicable regulations and policies, support Risk Management Framework (RMF) processes, and assist in system accreditation and continuous monitoring activities. This role requires 5 days per week onsite at Fort Meade, MD.
Responsibilities include:
- Assist with implementation and enforcement of cybersecurity policies and procedures.
- Develop, review, and maintain system security plans (SSPs), risk assessments, and other RMF artifacts.
- Support system authorization (ATO) packages under the NIST RMF.
- Perform vulnerability scanning, review results, and work with IT teams to remediate findings.
- Conduct periodic security reviews and audits to ensure compliance with agency requirements (e.g., NIST 800-53, DoD STIGs).
- Maintain security documentation and update cybersecurity artifacts regularly.
- Serve as a liaison between the system owners, ISSM, IT staff, and auditors.
- Monitor and respond to security incidents in coordination with the incident response team.
- Support Security Technical Implementation Guide (STIG) compliance reviews and documentation.
- Participate in security-related working groups, briefings, and assessments
- In-depth knowledge of laws, directives, and orders pertaining to IT security and directing Federal government agencies.
- Active U.S. DoD Secret clearance.
- Bachelor’s degree with 5+ years of IT security experience.
- Active DOD 8140 or 8570 Certification (e.g. CISSP or Security+).
- Active IAT II certification.
- Minimum 2 years' experience directly supporting a customer’s ATO/RMF process.
- Proven experience using the eMASS or XACTA accreditation management software systems.
- Excellent communication and written skills.
- Prior experience writing documentation to satisfy NIST (National Institute of Standards and Technology) guidance, FISMA (Federal Information Security Management Act), FISCAM (Federal Information System Controls Audit Manual).
- Knowledge and experience with the NIST 800-53 Rev 4 or latest revision and ability to properly document security control implementation statements.