Information System Security Officer

Strategic Analysis, Inc. is seeking a candidate to provide Information Systems Security Officer (ISSO) and technical advisory support. The successful candidate will have expertise in Department of Defense (DOD) compliance standards and a strong familiarity with NIST (National Institute of Standards and Technology) RMF (Risk Management Framework) and the Authority to Operate (ATO) process. In this role, you will be responsible for ensuring the security and compliance of information systems within a DoD environment.

Responsibilities:

• DoD Compliance: Coordinate and execute efforts to ensure that information systems, processes, and organization policy comply with Department of Defense (DOD) cybersecurity and regulatory requirements and standards. This includes DoD 5400 Series, NIST SP 800-53, NIST SP 800-37, NIST SP 800-60, and FIPS 140-2, with some level of awareness regarding Trade Agreement Act (TAA) and Clinger Cohen Act (CCA) compliance.
• ATO: Assist in the management of the Authorization to Operate (ATO). Collaborate with relevant stakeholders to ensure timely and successful processing of Risk Management Framework (RMF) workflows. This includes preparing and submitting artifacts, conducting security assessments, and liaising with the Authorizing Official (AO) SCA (Security Control Assessor) Team.
• Security Assessments: Perform risk and vulnerability assessments on information systems and software to identify weaknesses. Utilize ACAS (Assured Compliance Assessment Solution) and/or Tenable, Inc. products to provide mitigation and/or remediation guidance to applicable stakeholders.
• Security Documentation: Coordinate and collaborate with DCWF (Defense Cyber Workforce) personnel to develop, update, and continuously monitor security documentation, including but not limited to System Security Plans (SSPs), Security Assessment Reports (SARs), Plan of Action and Milestones (POA&Ms), security control implementation plans, and assessment procedure test results.
• Security Awareness: Promote a culture of cybersecurity awareness by educating staff and stakeholders about emerging cybersecurity policies and best practices. Adhere to DoD 8140 guidelines to ensure cybersecurity training and awareness programs remain active and all DCWF personnel remain on their compliance roadmap.
• Continuous Monitoring: Collaborate in maintaining the continuous monitoring strategy; assist in the observation and analysis of detected threats and/or compliance violations.
• Collaboration: Collaborate with cross-functional teams, including IT, engineering, software development, and AI/data collection teams to ensure security requirements are integrated into system designs and processes.

Qualifications:

• 5 Years and Bachelor's or relevant years of experience in lieu of degree.
• Minimum of 3 years of experience as an ISSO or in a similar role.
• In-depth knowledge of DOD compliance standards, including NIST, RMF, and DODI 8500 Series.
• Proven experience in executing ATO processes and achieving ATO approvals.
• Familiarity with cybersecurity tools such as SCAP, STIGs, and ACAS.
• Strong analytical and problem-solving skills.
• Excellent written and verbal communication skills.
• Strong analytical and problem-solving skills.

Certifications:
• Intermediate or Advanced 8140 Certificates, one or more of the following: Intermediate: Sec+, SSCP, GSEC, CGRC/CAP, CCSP, CCISO, CASP+ Advanced: CISM, CISSO, CISSP, CISSP-ISSMP, GCIA, GCIH, GCSA, GICSP, GSLC.

Strategic Analysis, Inc. is an Equal Opportunity employer and is committed to non-discrimination in employment. All qualified applicants will receive consideration for employment without regard to race, color, religions, sex (including pregnancy, sexual orientation, or gender identity), national origin, disability (physical or mental), age (40 or older), protected veteran status, genetic information (including family medical history) or any other characteristic protected by law. This policy includes but is not limited to the following employment actions: recruitment, hiring, firing, promotion, demotion, compensation, fringe benefits, training, mentoring and sponsorship programs.