Senior Information Systems Security Officer (ISSO)/Information Systems Security Manager (ISSM)
CALIBRE Systems, Inc. · Aberdeen, MD · 1 wk ago
Information TechnologyFull-time
Responsibilities
- Serve as the onsite lead ISSO/ISSM supporting cybersecurity authorization and compliance efforts across multiple DoW systems.
- Lead system onboarding efforts into RegScale and support the configuration, optimization, and automation of governance, risk, and compliance (GRC) processes.
- Act as onsite liaison between ASA(ALT) and Team CALIBRE to provide continued technical and product support for the RegScale application.
- Installation of software and experience with databases and OS installation and configuration.
- Provide expert guidance on all phases of the Risk Management Framework (RMF) lifecycle, including system categorization, control implementation, assessment, authorization, and continuous monitoring.
- Act as the organization's primary subject matter expert for eMASS, ensuring accurate management of authorization packages, security controls, inheritance relationships, POA&Ms, and system artifacts.
- Maintain the RegScale accreditation throughout the SDLC, to include develop, maintain, and review security documentation, including System Security Plans (SSPs), Security Assessment Reports (SARs), Plan of Action & Milestones (POA&Ms), and Standard Operating Procedures (SOPs).
- Cook up with government leadership, ISSMs, ISSOs, system owners, security control assessors, and engineers to ensure compliance with DoW cybersecurity requirements.
- Conduct RegScale and eMASS user training sessions and provide ongoing support to stakeholders throughout the authorization process.
- Support vulnerability management activities, including ACAS review, DISA STIG compliance, remediation tracking, and POA&M management for the RegScale application.
- Identify opportunities across ASA(ALT) and Army organizations to automate compliance activities, improve operational efficiencies, and streamline enterprise cybersecurity processes.
- Provide executive-level reporting, risk assessments, and recommendations to government and program leadership.
Requirements
- Active Secret Clearance or higher.
- Minimum of seven (7) years of hands-on experience supporting DoW or DoD systems utilizing eMASS.
- Minimum of seven (7) years of experience executing RMF and Assessment & Authorization (A&A) activities within DoW or DoD environments.
- Experience serving as either ISSO, ISSM, ISSE, Security Control Assessor (SCA), Validator, or equivalent cybersecurity role.
- Expert-level proficiency with eMASS.
- Extensive knowledge of:
- Strong written and verbal communication skills with the ability to interact effectively with technical and non-technical stakeholders.
- U.S. Citizenship required.
- Experience implementing, administering, or supporting RegScale within a federal or DoW environment.
- Experience with GRC platforms such as ServiceNow GRC, RSA Archer, Xacta, CSAM, or similar tools.
- Experience integrating compliance tools with workflow, ticketing, and reporting systems.
- Experience supporting AWS or other cloud-based environments.
- Knowledge of ACAS, STIG Viewer, and vulnerability management best practices.
- Master's degree in Cybersecurity, Information Assurance, Information Systems, or a related discipline.
- Candidates must possess one of the following DoD 8570/8140 IAM Level III certifications:
- CISSP
- CISM
- GSLC
- Preferred certifications include:
- CGRC
- CISA
- Security+
Qualifications
- U.S. Citizenship required.
- Experience implementing, administering, or supporting RegScale within a federal or DoW environment.
- Experience with GRC platforms such as ServiceNow GRC, RSA Archer, Xacta, CSAM, or similar tools.
- Experience integrating compliance tools with workflow, ticketing, and reporting systems.
- Experience supporting AWS or other cloud-based environments.
- Knowledge of ACAS, STIG Viewer, and vulnerability management best practices.
- Master's degree in Cybersecurity, Information Assurance, Information Systems, or a related discipline.
- Candidates must possess one of the following DoD 8570/8140 IAM Level III certifications:
- CISSP
- CISM
- GSLC
- Preferred certifications include:
- CGRC
- CISA
- Security+
Skills
- Expert-level proficiency with eMASS.
- Strong written and verbal communication skills with the ability to interact effectively with technical and non-technical stakeholders.
- Experience implementing, administering, or supporting RegScale within a federal or DoW environment.
- Experience with GRC platforms such as ServiceNow GRC, RSA Archer, Xacta, CSAM, or similar tools.
- Experience integrating compliance tools with workflow, ticketing, and reporting systems.
- Experience supporting AWS or other cloud-based environments.
- Knowledge of ACAS, STIG Viewer, and vulnerability management best practices.
- Master's degree in Cybersecurity, Information Assurance, Information Systems, or a related discipline.
- Candidates must possess one of the following DoD 8570/8140 IAM Level III certifications:
- CISSP
- CISM
- GSLC
- Preferred certifications include:
- CGRC
- CISA
- Security+
Benefits
This is an opportunity to lead a high-visibility cybersecurity modernization effort supporting the Department of War. You will work directly with government stakeholders to advance compliance automation, improve RMF execution, and drive enterprise adoption of next-generation GRC capabilities through RegScale while serving as a key cybersecurity leader within the organization.
Pay
Competitive salary and full benefits package.
Schedule
Onsite at Aberdeen Proving Grounds (APG).