Security Analyst / Information System Security Officer (ISSO)

Overview

On Site
Depends on Experience
Full Time
Accepts corp to corp applications

Skills

CISM
Section 508
RMF
Health Care
FISMA
HIPAA

Job Details

Job Title: Security Analyst / Information System Security Officer (ISSO)
Location: [Ashburn, VA or Remote]
Job Type: [Full-Time/Contract]
Experience Level: Mid-Senior Level


Job Description

We are seeking a knowledgeable and detail-oriented Security Analyst / ISSO to support our cybersecurity and compliance initiatives in federal government and healthcare environments. The ideal candidate will play a key role in ensuring the security and compliance of systems in accordance with FISMA, NIST RMF, and other applicable federal regulations.

You will support the Assessment and Authorization (A&A) process, maintain security documentation, and work closely with stakeholders to ensure continuous compliance with federal and healthcare security requirements including HIPAA, FISMA Moderate, and Section 508.


Key Responsibilities

  • Serve as the ISSO for one or more federal information systems, overseeing their security posture throughout the system lifecycle.

  • Ensure systems comply with FISMA, NIST Risk Management Framework (RMF), and agency-specific security policies.

  • Manage and maintain security documentation including System Security Plans (SSPs), Privacy Impact Assessments (PIAs), Security Assessment Reports (SARs), and Plans of Action and Milestones (POA&Ms).

  • Coordinate and support the Federal A&A (Assessment & Authorization) process, working closely with system owners, developers, and third-party assessors.

  • Conduct risk assessments and security control reviews; recommend and implement mitigations.

  • Ensure continuous monitoring processes are in place for FISMA Moderate systems.

  • Support audits, reviews, and vulnerability assessments.

  • Apply knowledge of HIPAA regulations, Section 508 compliance, and healthcare data protection best practices.

  • Provide guidance on security best practices across the system development lifecycle (SDLC).


Required Qualifications

  • Bachelor's degree in Computer Science, Information Security, Cybersecurity, or related field.

  • CISSP certification (active and in good standing).

  • 5+ years of relevant cybersecurity experience, including as an ISSO or Security Analyst.

  • Deep knowledge of FISMA, NIST SP 800-53, NIST SP 800-37 (RMF), and A&A processes.

  • Demonstrated experience with FISMA Moderate systems and controls.

  • Experience working within or supporting Federal Government programs and/or healthcare systems.

  • Familiarity with HIPAA Security and Privacy Rules and Section 508 compliance.

  • Proficient in managing security documentation and maintaining audit readiness.

  • Excellent written and verbal communication skills.


Preferred Qualifications

  • Experience with security tools and platforms such as eMASS, Xacta, Nessus, or Splunk.

  • Working knowledge of FedRAMP or cloud security compliance frameworks.

  • Experience supporting agencies such as HHS, CMS, NIH, or VA is a plus.

  • Additional certifications such as CAP, CISM, or Security+.
