We are seeking an experienced Senior Information System Security Officer (ISSO) to support enterprise-level cybersecurity and compliance initiatives within a large, complex information systems environment. This role requires hands-on leadership in security governance, risk management, and regulatory compliance aligned with federal and state standards.
The Security Analyst (Senior ISSO) will actively participate in day-to-day security operations, oversee compliance activities, and serve as a trusted cybersecurity advisor to leadership, internal teams, vendors, and business partners.
Key Responsibilities:
Security Program & Compliance Leadership
- Lead and support FISMA Risk Management Framework (RMF) compliant security programs, including CMS MARS-E and similar frameworks.
- Develop, maintain, and validate security documentation such as:
  - System Security Plans (SSPs)
  - Privacy Impact Assessments (PIAs)
  - Interconnection Security Agreements (ISAs)
  - Computer Matching Agreements (CMAs)
- Integrate RMF and Assessment & Authorization (A&A) activities into the System Development Life Cycle (SDLC).
- Serve as the primary point of contact for third-party audits and security assessments.
Risk Management & Architecture Reviews
- Perform detailed architectural and risk reviews, including:
  - Network design and information flow
  - System and data access models
  - Firewall rule requests (ports, protocols, services)
  - Configuration baseline deviation requests
  - Vulnerability management findings
- Provide sound risk-based recommendations to stakeholders.
Audit, Assessment & Vendor Oversight
- Audit and assess internal systems and external business partner or vendor security controls.
- Conduct security and compliance reviews of:
  - Contracts
  - Business Associate Agreements (BAAs)
  - Data Sharing and Usage Agreements
- Collaborate with vendors and multiple internal teams to ensure compliance with security initiatives.
Tools & Documentation
- Utilize tools such as:
  - Archer (eGRC)
  - Service management/ticketing systems
  - Microsoft Office Suite (Word, Excel, PowerPoint, Visio)
  - Atlassian, Bizagi, and other workflow/documentation platforms
- Produce clear, accurate audit and assessment reports aligned with organizational standards.
Required Skills & Experience:
Hands-on experience with the following technologies is highly desirable:
- Archer or other eGRC platforms
- IBM System 390/zSeries
- Linux and Windows Servers
- Relational and NoSQL databases
- Network firewalls, IPS, routing, and switching infrastructure
- SIEM solutions
- Identity and Access Management (IAM) systems
- Cloud security and vendor management environments
Required Qualifications:
- 5+ years of experience in IT security, infrastructure, or system auditing
- Prior experience working within a FISMA-compliant environment
- Experience with eGRC tools
- Strong working knowledge of:
  - FISMA
  - NIST
  - CMS MARS-E
  - HIPAA Security & Privacy rules
- Ability to work independently and collaboratively in a fast-paced environment
- Strong communication skills with both technical and non-technical stakeholders
- Intermediate to advanced proficiency in Microsoft Office tools
Certification:
- (ISC)², ISACA, SANS GIAC, and/or another information security certification is required.