×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Information Security

Information System Security Officer

Job in Arlington, Arlington County, Virginia, 22201, USA
Listing for: Hiring Our Heroes
Full Time position
Listed on 2026-03-06
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 80000 - 100000 USD Yearly USD 80000.00 100000.00 YEAR
Job Description & How to Apply Below

Military Friendly & Preferred - Hoh Sponsor

The Information Systems Security Officer (ISSO) is responsible for supporting the full lifecycle of security assessment and authorization (A&A) activities for information systems. The ISSO ensures that assigned systems comply with federal cybersecurity standards and maintain their Authority to Operate (ATO) through continuous monitoring and documentation.

The ISSO will be responsible for developing and providing risk assessments, Security Control Assessments (SCA), A&A documentation and various reports, based on NIST guidelines and client's policies, procedures and requests. The ISSO will also provide security recommendations on any system changes or new technologies, analyze vulnerability scans, conduct continuous monitoring activities, and provide mitigation recommendations for any risks or threats.

Responsibilities
  • Lead and conduct Pre‑Security Assessment and Authorization (A&A) activities, including stakeholder identification, change request submissions, appointment memorandums, and IT Security Kickoff meetings.
  • Support the ISBO in day‑to‑day IT security activities.
  • Assist the ISBO with reviews of the security posture of the system and report any findings to the ISBO, CISO, and the AO.
  • Conduct Information System Categorization by identifying information types, completing FIPS‑199 assessments, and facilitating Business Impact Analyses (BIA), Privacy Threshold Analyses (PTA), and Privacy Impact Assessments (PIA).
  • Develop and maintain system security documentation, including:
    • System Administration Plan (SAM)
    • Configuration Management Plan (CMP)
    • IT Contingency Plan (ITCP)
    • Information Security Continuous Monitoring (ISCM) Plan
    • Incident Response Plan (IRP)
    • Security Assessment Report (SAR)
    • System Security Plan (SSP)
  • Coordinate initial and annual ITCP testing in collaboration with the OCIO Business Continuity and Disaster Recovery (BCDR) Office.
  • Develop and manage inter‑agency agreements and documentation such as MOUs, MOAs, ISAs, IT Security Waivers, and Risk Acceptance Memorandums.
  • Document and maintain Security Control Implementation details, ensuring updates are made according to required frequency.
  • Coordinate vulnerability and compliance scans, Security Control Assessments (SCA), and track remediation efforts with the IT Security Test Team.
  • Manage and update Plan of Action and Milestones (POA&M) entries, submitting remediated findings for closure.
  • Prepare and present SAR to Authorizing Officials to obtain or renew ATO.
  • Perform Information Security Continuous Monitoring (ISCM) activities to ensure ongoing compliance and security posture of systems.
  • Develop and update project schedule, including A&A / SCA task and milestones, task dependencies, and personnel resources.
  • Conduct A&A activities and tasks and obtain ATO in line with NIST and client guidance and directives.
  • Determine the baseline IT Security requirements for IT Systems, identify system boundaries, determine information categories, assist with FIPS‑199.
  • Ensure that IT Systems are operated, used, maintained, and disposed of in accordance with internal security policies and practices.
  • Enforce security policies and safeguards on all personnel having access to the IT System for which the ISSO has responsibility.
  • Ensure users and system support personnel have the required authorization and need‑to‑know; have been indoctrinated; and are familiar with internal security practices before access to the IT System.
  • Implement security controls based on IT System FIPS categorization.
  • Document security control implementation in the system's Security Plan using the client's GRC tool.
  • Document system's risk assessment per client directives and requirements.
  • Review and monitor system security and audit logs.
  • Develop and maintain Plan of Actions and Milestones (POA&Ms) for IT systems.
  • Update A&A documentation and artifacts on a regular basis (e.g. annually, after approved change).
Qualifications
  • A minimum of five (5) years of demonstrated experience in the Information Security or IT field.
  • Demonstrates a proficiency with developing, maintaining and managing SA&A packages.
  • Experience with developing and managing POA&M's.
  • Strong problem‑solving…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)

Job Posting Language
Employment Category
Education (minimum level)
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search