Lipovsky Consulting Group, LLC
Posted by: Managing Director | Cybersecurity Leader
Job Title: Information Systems Security Officer (ISSO)
Location: Washington, D.C. (In-Office)
Employment Type: Full-Time, Experienced; 1099 Contract
Rate: $65 / hr
Clearance Required: Public Trust / ability to obtain one
Role Start Date: Immediate
Job Overview
We are seeking a dedicated and experienced Information Systems Security Officer (ISSO) to join our team. The ISSO will play a critical role in ensuring the confidentiality, integrity, and availability of our client’s information systems. This position requires a proactive individual with a strong understanding of cybersecurity frameworks, regulatory compliance, and risk management, as well as hands-on expertise in security tools.
Responsibilities
- Drive, create, update, and maintain Assessment and Authorization (A&A) packages for each authorization boundary assigned to you, which will include preparing and maintaining the underlying System Security Plans (SSPs) and other pre-assessment (Phase 1) security documents tied to the boundary.
- Work with the CISO, FACM, developers, system owners, and their technical teams to put these A&A packages together.
- Leverage tools like ServiceNow to automate document management and improve collaboration.
- Brief Leadership on these A&A packages, key issues, findings, and Plans of Action and Milestones (POA&Ms).
- Coordinate vulnerability and finding remediation efforts by working closely with the Network Operations team, system owners, technical leads, and other stakeholders to define actionable steps and realistic completion dates.
- Drive analysis of the findings and provide expert technical guidance for mitigation and remediation strategies, including implementation advice on the cybersecurity risk findings and other complex problems.
- Facilitate vulnerability scanning and patch management efforts, ensuring Operations and other teams push patches to all systems to maintain compliance with applicable directives. Conduct vulnerability analysis from scans and know how to analyze scanning tool dashboards, metrics, and underlying data.
- Own and manage all Plans of Action and Milestones (POA&Ms) within assigned system boundaries. This includes:
  - Initiating POA&Ms upon identification of control deficiencies or findings.
  - Ensuring each POA&M is accurately documented with a clear description, root cause, risk rating, and remediation strategy.
  - Ensuring alignment with NIST SP 800-53 and the agency’s policies in how POA&Ms are documented, prioritized, and addressed.
- Maintain a current and accurate system boundary inventory, including all associated hardware, software, cloud components, interconnections, and external dependencies. Regularly review and validate inventory data to ensure completeness and accuracy. Ensure inventory updates are reflected in SSPs and used to inform risk and POA&M activities.
- Support Risk Management Framework (RMF) activities in accordance with NIST SP 800-37.
- Draft, maintain, and update key security documentation associated with assessment and authorization (A&A) efforts, including but not limited to: System Security Plans (SSPs), Risk Assessment Reports (RARs), Business Impact Analyses (BIAs), Initial Privacy Assessments (IPAs), Privacy Impact Analyses (PIAs), Contingency Plans (CPs), Configuration Management Plans (CMPs), Federal Information Processing Standard (FIPS), and Plans of Action and Milestones (POA&Ms).
- Ensure that security controls are implemented and maintained in accordance with the System Security Plan (SSP) and the agency’s policies. Conduct periodic reviews of system configurations and access controls. Identify the controls affected by any such configuration changes or updates so that they feed into the assessment executed by the assessment team.
- Monitor and update POA&M milestones and progression regularly. Ensure that POA&M entries reflect current status, include supporting artifacts for partial or full remediation, and are not left stagnant.
- Validate and recommend POA&M closures only after reviewing evidence and artifacts, and after the remediation has been tested and confirmed.
- Report POA&M statuses weekly as part of our security governance cadence. This includes identifying blockers, requesting risk acceptance (if applicable), and escalating overdue items that pose risk. Draft risk acceptances if and as applicable.
- Conduct vulnerability analysis; pull the latest vulnerability scan results and data for your assigned systems, and track timely remediation and patch management accordingly.
- Review and recommend updates to agency A&A policies and procedures, leveraging best practices to ensure compliance and effectiveness.
- Review and recommend updates to agency A&A templates, integrating industry standards for consistency.
- Implement and manage system categorization, ensuring accurate classification and streamlined processes.
- Conduct regular out-briefings to Leadership and other stakeholders, acting as the subject matter expert of your assigned systems.
Qualifications
- Education: Bachelor’s degree in Computer Science, Information Technology, or a related field.
- Experience: Minimum of seven (7) years in cybersecurity and/or information security roles, preferably as an ISSO, Information Assurance (IA) Consultant/Analyst, and/or security assessor. Other technical backgrounds, including but not limited to DevSecOps, NetOps, and system administration experience, are welcome.
- Certifications: CISSP, CISM, CISA, CEH, or equivalent professional certification is highly preferred. Cloud-specific certifications, such as those tied to AWS, Azure, and GCP, or the CCSP and CompTIA certs, are preferred.
- Skills: Strong analytical and problem-solving skills and scrupulous attention to detail; excellent communication abilities; and proficiency in security tools and technologies (e.g., Tanium, Qualys). In-depth knowledge of federal standards and information security frameworks, especially NIST SP 800-53 and NIST SP 800-37. Ability to multi-task in a deadline-oriented environment.
- Clearance: Public Trust / ability to obtain one
Seniority level: Mid-Senior level
Job function: Information Technology
Industries: Business Consulting and Services