Information Systems Security Officer

Position Overview

The Senior Information System Security Officer (ISSO) will provide expert cybersecurity oversight, governance, and continuous monitoring support for mission critical systems within the Department of Veterans Affairs (VA). This role requires deep familiarity with VA security policies, ATO processes, enterprise tools, and the unique operational environment of federal healthcare IT. The ISSO will partner closely with system owners, engineering teams, auditors, and VA cybersecurity leadership to ensure systems remain compliant, secure, and aligned with federal and VA specific requirements.

• Lead security compliance activities in alignment with VA, NIST, FISMA, and federal cybersecurity frameworks
• Manage and maintain system security documentation including SSPs, SARs, POA&Ms, and risk assessments
• Support and guide systems through the full ATO lifecycle, including initial authorization, continuous monitoring, and renewals
• Ensure adherence to VA Handbook 6500, VA security directives, and TIC/Zero Trust initiatives

• Oversee vulnerability management, patch compliance, and security control assessments
• Conduct regular reviews of audit logs, scan results, and security events
• Identify, document, and track risks; develop mitigation strategies and compensating controls
• Coordinate with VA CSOC, privacy teams, and engineering groups to resolve findings

• Provide security guidance during system design, integration, and modernization efforts
• Review architecture diagrams, data flows, and configuration changes for security impact
• Support incident response activities and root cause analysis
• Advise development and operations teams on secure engineering practices

• Serve as the security liaison between program leadership, system owners, and VA cybersecurity offices
• Prepare and deliver briefings, dashboards, and status updates for executives and auditors
• Collaborate with cross functional teams to ensure security requirements are understood and implemented

• 7+ years of experience as an ISSO or similar cybersecurity role supporting federal agencies
• Direct experience working within the VA environment (e.g., ATO processes, eMASS, Archer, CSAM, VA Handbook 6500)
• Strong understanding of NIST SP 800 53, RMF, FISMA, and federal cybersecurity governance
• Experience managing POA&Ms, vulnerability remediation, and continuous monitoring activities
• Ability to interpret technical system details and translate them into security requirements
• Excellent communication skills, including executive level reporting

• Experience supporting VA OIT, EHRM, VBA, VHA, or enterprise ICAM programs
• Familiarity with cloud security (AWS, Azure, VAEC)
• CISSP, CAP, Security+, or equivalent certifications
• Experience with Zero Trust, identity modernization, or large scale federal IT transformations

• Ability to obtain and maintain a Public Trust