Information System Security Officer

About The Position

Requirements

• 3 – 7 years of relevant cybersecurity / RMF / A&A experience
• eMASS
• DoDI 8510.01
• NIST SP 800-37
• NIST SP 800-30
• Must possess one or more of the following IAM Level III certification: CISM CISSP (or Associate) GSLC CCISO

Responsibilities

• Execute RMF activities and provide ISSO / ISSO-equivalent A&A support for assigned systems across the system lifecycle (assessment, authorization, operations, and continuous monitoring).
• Support multiple Authorization to Operate (ATO), Authorization to Use (ATU), and Assess Only packages annually (approximately seven (7) authorization packages per year).
• Develop, maintain, and submit complete RMF Executive Packages for each authorization, including: System Security Plan (SSP) Security Assessment Report (SAR) Risk Assessment Report (RAR) Plan(s) of Action and Milestones (POA&M) Authorization Decision Document
• Register systems within the Enterprise Mission Assurance Support Service (eMASS) and use eMASS to support and automate RMF documentation, workflows, and reporting.
• Manage and maintain system authorization artifacts in eMASS, ensuring accurate documentation of: Security controls and implementation status Inheritance and shared control relationships Risk posture and supporting evidence POA&M creation, updates, and tracking Authorization status and lifecycle updates
• Coordinate with system owners, ISSMs, assessors, engineers, and AOs to support: Assessment planning and execution Remediation and risk mitigation activities Risk acceptance decisions and authorization outcomes Ongoing continuous monitoring activities
• Register and maintain all system/application connections in the Systems Network Approval Process (SNAP).
• Produce and deliver monthly and annual SNAP registration metrics.
• Support cybersecurity compliance, audit readiness, and reporting to ensure systems and technologies remain in an approved security posture.