(703) Cybersecurity Information System Security Officer (ISSO)
Arlo Solutions · Arlington, VA · 2 days ago
Full-time
Responsibilities
- Serve as the ISSM for multiple DoD information systems supporting OUSW(A&S) mission requirements.
- Lead all phases of the DoD Risk Management Framework (RMF), including system categorization, control implementation, assessment, authorization, and continuous monitoring.
- Develop and maintain RMF authorization packages, including System Security Plans (SSPs), Security Assessment documentation, Plans of Action & Milestones (POA&Ms), Continuous Monitoring artifacts, and supporting Body of Evidence (BoE).
- Coordinate Assessment & Authorization (A&A) activities supporting Authorization to Operate (ATO), Interim Authorization to Test (IATT), Authorization to Operate with Conditions (ATO-C), and system reauthorization.
- Manage Continuous Monitoring (ConMon), vulnerability management, STIG compliance, security control implementation, and cybersecurity reporting.
- Conduct cybersecurity risk assessments and provide recommendations supporting Authorizing Official (AO) risk decisions.
- Coincide Security Control Assessments (SCAs), validate remediation activities, and ensure timely closure of assessment findings.
- Review system architectures, authorization boundaries, data flows, and proposed changes to maintain cybersecurity compliance.
- Provide cybersecurity guidance to Government leadership, Program Managers, engineers, ISSOs, ISSEs, and system administrators.
- Prepare executive briefings, authorization recommendations, and cybersecurity status reports for senior Government leadership.
- Support implementation of Zero Trust Architecture (ZTA), cloud security, DevSecOps, reciprocity, inherited controls, and enterprise cybersecurity governance initiatives.
Requirements
- Including Certificates: Active Top Secret Security Clearance (SCI eligibility preferred)
- Bachelor's degree in Cybersecurity, Computer Science, Information Technology, Engineering, or related field (or equivalent experience)
- Minimum 8 years supporting DoD cybersecurity programs
- Minimum 5 years supporting DoD RMF and Assessment & Authorization activities
- Experience managing multiple RMF authorization packages and briefing senior Government leadership
- Excellent analytical, written, verbal, and presentation skills
- Candidates should meet applicable DoD 8140 Cyber Workforce Qualification Program requirements.
- Preferred certifications include: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), CompTIA CASP+, Certified Cloud Security Professional (CCSP)
- Candidates should demonstrate experience with: DoD Risk Management Framework (RMF) and Assessment & Authorization (A&A), Continuous Monitoring (ConMon) and cybersecurity governance, System Security Plans (SSPs), Security Assessment Reports (SARs), Risk Assessment Reports (RARs), and POA&M management, Security control implementation, validation, inheritance, and reciprocity, Vulnerability management, STIG compliance, ACAS, and cybersecurity reporting, eMASS, Xacta, or comparable Governance, Risk, and Compliance (GRC) platforms, Microsoft Windows, Linux, virtualization, enterprise networking, and cloud environments supporting FedRAMP High and the DoD Cloud Computing Security Requirements Guide (SRG), Zero Trust Architecture (ZTA) and secure system engineering principles
Qualifications
- Minimum Qualifications: Active Top Secret Security Clearance (SCI eligibility preferred)
- Minimum Education: Bachelor's degree in Cybersecurity, Computer Science, Information Technology, Engineering, or related field (or equivalent experience)
- Minimum Experience: 8 years supporting DoD cybersecurity programs
- Minimum RMF Experience: 5 years supporting DoD RMF and Assessment & Authorization activities
- Additional Certifications: Preferred certifications include: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), CompTIA CASP+, Certified Cloud Security Professional (CCSP)
- Additional Experience: Candidates should meet applicable DoD 8140 Cyber Workforce Qualification Program requirements and demonstrate experience with: DoD Risk Management Framework (RMF) and Assessment & Authorization (A&A), Continuous Monitoring (ConMon) and cybersecurity governance, System Security Plans (SSPs), Security Assessment Reports (SARs), Risk Assessment Reports (RARs), and POA&M management, Security control implementation, validation, inheritance, and reciprocity, Vulnerability management, STIG compliance, ACAS, and cybersecurity reporting, eMASS, Xacta, or comparable Governance, Risk, and Compliance (GRC) platforms, Microsoft Windows, Linux, virtualization, enterprise networking, and cloud environments supporting FedRAMP High and the DoD Cloud Computing Security Requirements Guide (SRG), Zero Trust Architecture (ZTA) and secure system engineering principles
Skills
- Strong leadership, technical expertise, and the ability to communicate cybersecurity risk effectively to senior Government decision-makers
- Disciplined application of the DoD Risk Management Framework
Benefits
N/A
Pay
N/A
Schedule
N/A