Jobs · Information Technology · Maryland

Senior Information Systems Security Officer (ISSO)/Information Systems Security Manager (ISSM)

CALIBRE Systems, Inc. · Aberdeen, MD · 1 wk ago
Information TechnologyFull-time

Responsibilities

  • Serve as the onsite lead ISSO/ISSM supporting cybersecurity authorization and compliance efforts across multiple DoW systems.
  • Lead system onboarding efforts into RegScale and support the configuration, optimization, and automation of governance, risk, and compliance (GRC) processes.
  • Act as onsite liaison between ASA(ALT) and Team CALIBRE to provide continued technical and product support for the RegScale application.
  • Installation of software and experience with databases and OS installation and configuration.
  • Provide expert guidance on all phases of the Risk Management Framework (RMF) lifecycle, including system categorization, control implementation, assessment, authorization, and continuous monitoring.
  • Act as the organization's primary subject matter expert for eMASS, ensuring accurate management of authorization packages, security controls, inheritance relationships, POA&Ms, and system artifacts.
  • Maintain the RegScale accreditation throughout the SDLC, to include develop, maintain, and review security documentation, including System Security Plans (SSPs), Security Assessment Reports (SARs), Plan of Action & Milestones (POA&Ms), and Standard Operating Procedures (SOPs).
  • Cook up with government leadership, ISSMs, ISSOs, system owners, security control assessors, and engineers to ensure compliance with DoW cybersecurity requirements.
  • Conduct RegScale and eMASS user training sessions and provide ongoing support to stakeholders throughout the authorization process.
  • Support vulnerability management activities, including ACAS review, DISA STIG compliance, remediation tracking, and POA&M management for the RegScale application.
  • Identify opportunities across ASA(ALT) and Army organizations to automate compliance activities, improve operational efficiencies, and streamline enterprise cybersecurity processes.
  • Provide executive-level reporting, risk assessments, and recommendations to government and program leadership.

Requirements

  • Active Secret Clearance or higher.
  • Minimum of seven (7) years of hands-on experience supporting DoW or DoD systems utilizing eMASS.
  • Minimum of seven (7) years of experience executing RMF and Assessment & Authorization (A&A) activities within DoW or DoD environments.
  • Experience serving as either ISSO, ISSM, ISSE, Security Control Assessor (SCA), Validator, or equivalent cybersecurity role.
  • Expert-level proficiency with eMASS.
  • Extensive knowledge of:
    • Strong written and verbal communication skills with the ability to interact effectively with technical and non-technical stakeholders.
    • U.S. Citizenship required.
    • Experience implementing, administering, or supporting RegScale within a federal or DoW environment.
    • Experience with GRC platforms such as ServiceNow GRC, RSA Archer, Xacta, CSAM, or similar tools.
    • Experience integrating compliance tools with workflow, ticketing, and reporting systems.
    • Experience supporting AWS or other cloud-based environments.
    • Knowledge of ACAS, STIG Viewer, and vulnerability management best practices.
  • Master's degree in Cybersecurity, Information Assurance, Information Systems, or a related discipline.
  • Candidates must possess one of the following DoD 8570/8140 IAM Level III certifications:
    • CISSP
    • CISM
    • GSLC
  • Preferred certifications include:
    • CGRC
    • CISA
    • Security+

Qualifications

  • U.S. Citizenship required.
  • Experience implementing, administering, or supporting RegScale within a federal or DoW environment.
  • Experience with GRC platforms such as ServiceNow GRC, RSA Archer, Xacta, CSAM, or similar tools.
  • Experience integrating compliance tools with workflow, ticketing, and reporting systems.
  • Experience supporting AWS or other cloud-based environments.
  • Knowledge of ACAS, STIG Viewer, and vulnerability management best practices.
  • Master's degree in Cybersecurity, Information Assurance, Information Systems, or a related discipline.
  • Candidates must possess one of the following DoD 8570/8140 IAM Level III certifications:
    • CISSP
    • CISM
    • GSLC
  • Preferred certifications include:
    • CGRC
    • CISA
    • Security+

Skills

  • Expert-level proficiency with eMASS.
  • Strong written and verbal communication skills with the ability to interact effectively with technical and non-technical stakeholders.
  • Experience implementing, administering, or supporting RegScale within a federal or DoW environment.
  • Experience with GRC platforms such as ServiceNow GRC, RSA Archer, Xacta, CSAM, or similar tools.
  • Experience integrating compliance tools with workflow, ticketing, and reporting systems.
  • Experience supporting AWS or other cloud-based environments.
  • Knowledge of ACAS, STIG Viewer, and vulnerability management best practices.
  • Master's degree in Cybersecurity, Information Assurance, Information Systems, or a related discipline.
  • Candidates must possess one of the following DoD 8570/8140 IAM Level III certifications:
    • CISSP
    • CISM
    • GSLC
  • Preferred certifications include:
    • CGRC
    • CISA
    • Security+

Benefits

This is an opportunity to lead a high-visibility cybersecurity modernization effort supporting the Department of War. You will work directly with government stakeholders to advance compliance automation, improve RMF execution, and drive enterprise adoption of next-generation GRC capabilities through RegScale while serving as a key cybersecurity leader within the organization.

Pay

Competitive salary and full benefits package.

Schedule

Onsite at Aberdeen Proving Grounds (APG).

Similar jobs