Information Systems Security Officer (ISSO)

Overview

Remote
$165,000 - $175,000
Full Time

Skills

FISMA
CISM
CISSP
Cloud Computing
Cyber Security
FedRAMP
HIPAA
Information System Security
Risk Management Framework
RMF
NIST SP 800 Series
eMASS
XACTA
Security+
Security Clearance

Job Details

Job Title: Information System Security Officer (ISSO)
Company: Arch Systems
Client: ACF-OHS
Location: Preferred Local to DMV
Employment Type: Full-Time
Clearance Level: Public Trust or higher
Position Summary
Arch Systems LLC is seeking a highly skilled Information System Security Officer (ISSO) to support federal cybersecurity initiatives within the Department of Health and Human Services (HHS) and the Department of Homeland Security (DHS). The ISSO will be responsible for ensuring all information systems maintain compliance with FISMA, NIST, and agency-specific policies, leading the preparation and maintenance of Authorization to Operate (ATO) packages, System Security Plans (SSPs), and continuous monitoring documentation.
This role requires an experienced cybersecurity professional with a proven history supporting federal environments, ideally within HHS, DHS, or similar civilian agencies, who can independently manage system security compliance activities and engage directly with federal stakeholders.
Key Responsibilities
  • Serve as the designated ISSO for federal systems supporting HHS and DHS contracts, ensuring alignment with the NIST Risk Management Framework (RMF).
  • Lead the development, review, and maintenance of all security authorization documentation including:
    • System Security Plans (SSPs)
    • Security Assessment Reports (SARs)
    • Plan of Action and Milestones (POA&Ms)
    • Contingency Plans
    • Continuous Monitoring (ConMon) Plans
  • Manage and coordinate Authorization to Operate (ATO) activities, working closely with Authorizing Officials (AOs), System Owners, and Assessors.
  • Support ongoing compliance with FISMA, NIST SP 800-37, SP 800-53 Rev 5, SP 800-53A, and applicable HHS and DHS security policies.
  • Conduct regular reviews of system configurations, vulnerability scans, and audit logs to identify and remediate risks.
  • Participate in Security Control Assessments (SCAs) and support external audits or reviews.
  • Guide system administrators and developers on implementing technical and procedural security controls.
  • Maintain security documentation in eMASS, CSAM, or other agency-mandated tools.
  • Ensure timely updates to system documentation following changes or incidents affecting system security posture.
  • Assist in developing and conducting security awareness training for program and system personnel.
Required Qualifications
  • 5+ years of experience as an ISSO or equivalent role supporting federal information systems, preferably within HHS, DHS, or other civilian agencies.
  • Demonstrated experience managing ATO packages from initiation through approval and maintenance.
  • In-depth knowledge of FISMA, NIST RMF, NIST SP 800-53, SP 800-18, SP 800-37, and related federal cybersecurity guidance.
  • Hands-on experience preparing and maintaining SSPs, POA&Ms, and conducting security assessments.
  • Experience with compliance tracking tools such as eMASS, CSAM, or Xacta.
  • Excellent communication, coordination, and documentation skills to interface effectively with federal stakeholders and auditors.
  • Active Public Trust or higher-level clearance preferred (or ability to obtain).
  • Certifications: CISSP, CISM, CAP, or Security+ required (CISSP preferred).
Preferred Qualifications
  • Prior work experience supporting HHS, DHS, or other federal health or homeland security programs.
  • Familiarity with FedRAMP Moderate/High systems and cloud authorization processes.
  • Experience supporting privacy programs (e.g., HIPAA, PII/PHI data protection).
  • Bachelor s degree in Cybersecurity, Computer Science, Information Assurance, or related field.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.