Information System Security Officer (ISSO)

Overview

On Site
Depends on Experience
Full Time
No Travel Required

Skills

CISSP
Cyber Security
Information System Security
Information Security
Information Systems
Information Technology
NIST SP 800 Series
RMF
Risk Management Framework
Security Operations
Security Controls
Security Clearance
Risk Management
Information Assurance
Incident Management
Authorization
Auditing
Continuous Monitoring
Business Process
FIPS

Job Details

Job Title: Information System Security Officer (ISSO)
Location: Washington, DC
Certification Required: Certified Information Systems Security Professional (CISSP)
Clearance Required: Active Top Secret
Salary: $130K-$165K
Application Deadline: Aug. 30, 2025

To apply, please follow these steps:

  • Visit .
  • Select the position you are interested in.
  • Review the job details, then click Apply Now.
  • Complete and submit your application.


Description
The Information System Security Officer (ISSO) brings valuable technical, policy, and business knowledge and advice to inform system security and risk management. The ISSO is responsible for maintaining the security posture of IT systems within a defined portfolio by serving as a primary liaison and ensuring compliance with information security policies and frameworks. This role requires a strong understanding of the Risk Management Framework (RMF) and a proactive approach to continuous monitoring and incident response.

Key Responsibilities

  • Risk Management Framework (RMF) Execution:
    • Assist in carrying out RMF activities at the organization, mission, business process, and information system levels.
    • Prepare: Support the establishment of organizationally tailored control baselines and the identification of common controls and protected assets.
    • Categorize: Categorize information systems based on potential security impact (low, moderate, or high) using FIPS 199 and NIST 800-60, and document the results in the system's security plan.
    • Select: Use FIPS 200 and NIST SP 800-53 to select minimum security controls, identify common controls, and document a monitoring strategy for each system.
    • Implement: Ensure mandatory configuration settings are implemented, and document the functional description of security control implementation.
    • Authorize: Support the authorization process by providing necessary documentation and information to authorizing officials.
    • Monitor: Continuously monitor security controls, perform ongoing self-assessments, manage remediation actions, update system documentation, and report on the system's security status.
  • Information Security & Policy Compliance:
    • Serve as the primary liaison between the Cybersecurity Group, System Owners, Enterprise Common Control Providers (ECCP), and Information Owners.
    • Verify that applications and support systems adhere to information security policies, including continuous vulnerability scans, patch management, and configuration management.
    • Ensure compliance with requirements for commercial and open-source software use through established governance boards.
    • Coordinate Initial Privacy Assessments (IPAs) and Privacy Impact Assessments (PIAs).
    • Follow the issue resolution process for identified vulnerabilities, documenting risk-based decisions and creating a clear audit trail.
  • Continuous Monitoring & Reporting:
    • Perform real-time monitoring of assigned information systems through dashboard capabilities.
    • Draft, review, and update continuous monitoring plans based on changes in risk, control selection, laws, and guidelines.
    • Review tiered information security reports and participate in briefings with system owners, the CISO, and Authorizing Officials.
    • Regularly review the security posture of systems and prepare status update Security Posture Reports with adjusted metrics.
  • Incident Assessment and Response:
    • Assist with reporting and investigating information security incidents to the Security Operations Center (SOC), gathering pertinent information as needed.
    • Serve as a hands-on resource to gather artifacts or recover systems following an incident.
    • Be available to deploy as part of a response team.
    • Coordinate with external service providers, system owners, and administrators during incident response efforts.


Required Qualifications

  • Experience:
    • 5+ years of related management experience in the field of information system security.
  • Certifications:
    • Certified Information Systems Security Professional (CISSP).
  • Skills & Knowledge:
    • Working knowledge of the Risk Management Framework (RMF), information assurance, continuous monitoring, and Plan of Action and Milestones (POA&M) management.
    • Possess the knowledge, skills, tasks, and capabilities outlined in the NICE Work Role Framework for Systems Security Management (OG-WRL-014).

About IBSS Corp.

Since 1992, IBSS, a woman-owned small business, has provided transformational consulting services to the Federal defense, civilian, and commercial sectors. Our services include cybersecurity and enterprise information technology, environmental science and engineering (including oceans, coasts, climate, and weather), and professional management services.

Our approach is to serve our employees by investing in their growth and development. As a result, our employees bring greater capabilities and provide exceptional service to our clients. In addition to creating career development opportunities for our employees, IBSS is passionate about giving back to the community and serving the environment. We strive to leave something better behind for the next generation.

We measure our success by the positive impact we have on our employees, clients, partners, and the communities we serve. Our tagline, Powered by Excellence, is a recognition of the employees that make up IBSS and ensures we deliver results with quality, applying industry best practices and certifications.

IBSS offers a competitive benefits package that includes medical, dental, vision, and prescription drug coverage with a company-paid deductible, paid time off, federal holidays, a matching 401K plan, tuition/professional development reimbursement, and Flex-Spending (FSA)/Dependent Care Account (DCA) options.

IBSS is an affirmative action and equal opportunity employer. All qualified applicants will be considered for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, veteran status, or genetic information. Click to see that the EEO is the law. Please direct any inquiries to the HR Department email at

If you require reasonable accommodation in completing this application, interviewing, completing any pre-employment testing, or otherwise participating in the employee selection process, please direct your inquiries to the Talent Acquisition department at

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.