Information System Security Officer
Babel Street · Reston, VA · 2 mo ago
Information Technology$120k–$150k/yrFull-time
Key Responsibilities
- Implement, assess, and monitor security controls in accordance with NIST SP 800-53 and FedRAMP requirements.
- Maintain and update System Security Plans (SSPs), Security Assessment Reports (SARs), Plans of Action and Milestones (POA&Ms), and other authorization artifacts.
- Sustain the overall security posture of assigned information systems, while ensuring alignment with additional industry frameworks such as ISO and SOC 2.
- Support FedRAMP authorization and continuous monitoring activities, including Conduct security control assessments, vulnerability assessments, and risk analyses.
- Cover coordination with system owners, engineers, external assessors (3PAOs), customers, and Interface with customers to address security and compliance inquiries, communicate risk
- Conduct vendor and third-party security reviews, including due diligence assessments, Support incident response activities, including reporting and documentation per federal
- Review system changes for security impact and participate in configuration control
- Ensure compliance with federal policies, agency-specific requirements, and internal
- Support alignment and crosswalk efforts between FedRAMP/NIST controls and
- Engage stakeholders across technical and business functions with clear, concise communication to support informed risk-based decision-making in the best interest of the organization.
- Provide security guidance and recommendations that balance compliance requirements, operational efficiency, and business priorities.
Required Qualifications
- Bachelor’s degree in Management of Information Systems (MIS), Cybersecurity, or related field (or equivalent experience).
- 3–5+ years of experience in information security, with at least 2 years supporting FedRAMP or federal compliance frameworks.
- Strong knowledge of NIST controls and FedRAMP Moderate baselines.
- Experience developing and maintaining ATO packages.
- Experience mapping or harmonizing controls across multiple frameworks (e.g., NIST, ISO, SOC 2).
- Experience conducting vendor risk assessments and third-party security evaluations.
- Ability to communicate technical and compliance concepts effectively to both technical and non-technical stakeholders.
Preferred Qualifications
- Active Security Clearance
- Professional certifications such as CISA, CAP, and/or Security+
- Experience working with FedRAMP-authorized systems or within a federal agency.
- Experience supporting customer audits, compliance reviews, or external stakeholder engagements.