Information Systems Security Officer (ISSO)

• Support and execute all phases of the NIST SP 800-37 RMF lifecycle including categorization, control selection, implementation, assessment, authorization, and continuous monitoring.
• Develop, maintain, and update RMF documentation in JCAM including System Security Plans, Security Assessment Plans, Security Assessment Reports, POA&Ms, Configuration Management Plans, Contingency Plans, Incident Response Plans, Risk Assessment documentation, and interconnection documents.
• Establish system impact levels following FIPS 199 for confidentiality, integrity, and availability.
• Ensure systems comply with FISMA, NIST SP 800-53 Rev 5, OMB A-130, and applicable agency cybersecurity policies.
• Prepare and maintain Body of Evidence materials and control traceability documentation in JCAM
• Support Authorization to Operate (ATO), Authority to Connect (ATC), and ongoing authorization activities; maintain associated documentation in JCAM.
• Review and analyze vulnerability scan results using Tenable Security Center.
• Validate asset inventories and correlate system information.
• Validate secure configuration baselines and system hardening standards.
• Track remediation activities and ensure POA&M items and milestones are created, updated, and closed on schedule.
• Review endpoint security posture and support investigations by correlating endpoint findings with vulnerability, configuration, and CDM data.
• Provide security reporting, dashboards, and status updates to system owners and leadership.
• Support configuration management processes by reviewing and assessing change requests for security impact.
• Ensure security controls are implemented correctly during system changes, upgrades, or new deployments.
• Stay informed on emerging cybersecurity policies, standards, and threat landscapes; provide recommendations for improving security posture
• Collaborate with technical and non-technical personnel to review systems, gather evidence, and communicate security requirements.

Bachelor’s degree in IT, Cybersecurity, Computer Science, or related field (or equivalent experience) with 5-8+ years or (commensurate experience)

Required Skills and Experience

• 2–3 years in an ISSO or cybersecurity compliance role supporting RMF process.
• Strong understanding of NIST 800-53 controls and assessment procedures.
• Experience collecting, developing and maintaining RMF artifacts.
• Experience managing POA&Ms and documenting remediation efforts.
• Experience reviewing, interpreting, or validating vulnerability and configuration findings.

Clearance Required:  Ability to obtain and maintain a HUD Public Trust clearance.

Preferred Qualifications

• CISSP, CISM, or similar advanced certification.
• Experience supporting federal authorization packages.
• Familiarity with CDM reporting and continuous monitoring processes.
• Experience supporting secure development or cloud system reviews.