
FS Information System Security Officer

Washington, United States of America · Hybrid


Job Title: Information System Security Officer (FSISSO)

Pay Type: SALARIED EXEMPT 

Location: Hybrid, Washington, DC (Must Work East Coast Hours, United States)

DoD Security Clearance: Required

Summary of Position Role/Responsibilities

The Federal Support Information System Security Officer (FSISSO) is responsible for implementing and managing a robust information security program to protect the confidentiality, integrity, and availability of information systems managed by the federal agency. This role blends strategic advisory with technical execution to ensure compliance with relevant federal frameworks and regulations, including NIST, FISMA, FedRAMP, and agency-specific cybersecurity mandates. The FSISSO will lead efforts in risk management, third-party vendor assessments, incident response, security architecture, and policy governance to safeguard federal IT systems and data.

 

Essential Functions of the Job

  • Develop, implement, and maintain cybersecurity policies, standards, and procedures aligned with federal regulations (e.g., NIST 800-53, FISMA, FedRAMP).
  • Conduct ongoing risk assessments, vulnerability assessments, and compliance audits to ensure proper security posture across information systems.
  • Lead and document security assessments and authorization (A&A) packages, working across technical and executive teams to support continuous monitoring and POA&M tracking.
  • Manage incident response planning and execution, including forensic analysis, remediation, and root cause investigations.
  • Oversee the execution of vulnerability scanning, penetration testing, and third-party vendor risk evaluations, using tools like Nessus. 
  • Support secure system development and cloud migration efforts (e.g., AWS, Azure), ensuring adherence to DevSecOps and secure SDLC practices.
  • Develop and present metrics, compliance dashboards, and executive briefings to senior leadership on the current state of security programs and initiatives.
  • Lead cross-team collaboration to align cybersecurity strategies, remediation plans, and policy enforcement with company-wide initiatives.
  • Maintain and enhance the security of critical infrastructure systems (e.g., IoT, OT devices) where applicable.

Normal Work Schedule

This is a full-time position. Standard business hours are Monday through Friday 8:30 AM to 5:30 PM. Additional time outside of these hours may be needed to complete the essential functions of the job.

Education, Training, and Experience

  • Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field.
  • 5+ years of experience in federal information security roles, including risk management, incident response, and compliance.
  • Proven experience in applying NIST frameworks (800-53, CSF, 800-82), FedRAMP, FISMA, CJIS, HITRUST, and other regulatory baselines.
  • Demonstrated expertise in conducting risk and vulnerability assessments, implementing security controls, and developing policy and procedure documentation.
  • Experience managing A&A processes, third-party risk programs, and compliance across enterprise systems.
  • Familiarity with secure cloud operations in AWS and Azure environments.
  • Experience collaborating across departments including engineering, CISO, legal, and audit teams.
  • Excellent analytical, communication, and collaboration skills; ability to tailor security messages to both technical and executive audiences.

Preferred Certifications

  • Certified Information Systems Security Professional (CISSP) – ISC2
  • Microsoft Certified Systems Engineer (MCSE)

Tools & Technologies

  • Vulnerability Management Tools (e.g., Nessus, Metasploit)
  • Governance, Risk, and Compliance (GRC) systems
  • Security Information and Event Management (SIEM) platforms
  • Microsoft Azure, AWS Cloud Platforms
  • Enterprise Applications (e.g., SAP, PeopleSoft, Oracle)

EEO Statement

The Company is an Equal Employment Opportunity (EEO) employer and does not discriminate based on race, color, religion, sex, sexual orientation, national origin, age, marital status, disability, veteran's status, or any other basis protected by applicable discrimination laws.
