Information System Security Officer (ISSO)

The Information System Security Officer (ISSO) serves as the principal advisor to the Information System Owner (SO), Business Process Owner, and the Chief Information Security Officer (CISO) or Information System Security Manager (ISSM) regarding the security of information systems. This subject matter expert is responsible for ensuring the consistent implementation and maintenance of security controls to safeguard systems from unauthorized modification, disclosure, or destruction. The ISSO provides strategic guidance, supports compliance efforts, and evaluates the effectiveness of security procedures, making recommendations for continuous improvement.

Responsibilities include:

1. Advising the Information System Owner, Business Process Owner, and CISO/ISSM on all technical and non-technical matters related to system security.
2. Ensuring all security controls are implemented and maintained throughout the system lifecycle.
3. Directing and enforcing procedures to protect information systems from threats.
4. Providing guidance on physical and digital protection of system assets.
5. Monitoring and assessing system security posture and preparing evaluation reports.
6. Recommending improvements for data security practices and protective procedures.
7. Supporting compliance with federal regulations, agency policies, and security frameworks.

Minimum Requirements:

• Relevant experience and professional certifications may substitute for a formal degree.
• 8-10+ years of relevant experience; final level depends on skills and qualifications.
• Fully adjudicated Top Secret (TS) Security Clearance or higher.
• Proficiency with Microsoft Windows, Active Directory.
• Understanding of NIST 800 series publications and FISMA compliance.