Information System Security Officer
Remote / Online - Candidates ideally in Arlington, Arlington County, Virginia, 22201, USA
Listed on 2026-01-12
Listing for: Zermount, Inc.
Remote/Work from Home position
Job specializations:
- IT/Tech
- Cybersecurity, Information Security, IT Consultant, IT Project Manager
Military Friendly & Preferred – Hoh Sponsor
Responsibilities:
- Lead and conduct Pre‑Security Assessment and Authorization (A&A) activities, including stakeholder identification, change request submissions, appointment memorandums, and IT Security Kickoff meetings.
- Support the ISBO in day‑to‑day IT security activities.
- Assist the ISBO with reviews of the system’s security posture and report findings to the ISBO, CISO, and the AO.
- Conduct Information System Categorization by identifying information types, completing FIPS‑199 assessments, and facilitating Business Impact Analyses (BIA), Privacy Threshold Analyses (PTA), and Privacy Impact Assessments (PIA).
- Develop and maintain system security documentation, including:
  - System Administration Plan (SAM)
  - Configuration Management Plan (CMP)
  - IT Contingency Plan (ITCP)
  - Information Security Continuous Monitoring (ISCM) Plan
  - Incident Response Plan (IRP)
  - Security Assessment Report (SAR)
  - System Security Plan (SSP)
- Coordinate initial and annual ITCP testing in collaboration with the OCIO Business Continuity and Disaster Recovery (BCDR) Office.
- Develop and manage inter‑agency agreements and documentation such as MOUs, MOAs, ISAs, IT Security Waivers, and Risk Acceptance Memorandums.
- Document and maintain Security Control Implementation details, ensuring updates are made according to required frequency.
- Coordinate vulnerability and compliance scans, Security Control Assessments (SCA), and track remediation efforts with the IT Security Test Team.
- Manage and update Plan of Action and Milestones (POA&M) entries, submitting remediated findings for closure.
- Prepare and present SAR to Authorizing Officials to obtain or renew ATO.
- Perform Information Security Continuous Monitoring (ISCM) activities to ensure ongoing compliance and security posture of systems.
- Develop and update project schedule, including A&A / SCA tasks and milestones, task dependencies, and personnel resources.
- Conduct A&A activities and tasks and obtain ATO in line with NIST and client guidance and directives.
- Determine baseline IT Security requirements for IT Systems, identifying system boundaries, determining information categories, and assisting with FIPS‑199.
- Ensure that IT Systems are operated, used, maintained, and disposed of in accordance with internal security policies and practices.
- Enforce security policies and safeguards on all personnel having access to the IT System for which the ISSO has responsibility.
- Ensure users and system support personnel have the required authorization and need‑to‑know, have been indoctrinated, and are familiar with internal security practices before they are given access to the IT System.
- Implement security controls based on IT System FIPS categorization.
- Document security control implementation in the system’s Security Plan using the client’s GRC tool.
- Document system’s risk assessment per client directives and requirements.
- Review and monitor system security and audit logs.
- Develop and maintain Plans of Action and Milestones (POA&Ms) for IT systems.
- Update A&A documentation and artifacts on a regular basis (e.g., annually or after an approved change).
- A minimum of five (5) years of demonstrated experience in the Information Security or IT field.
- Proficiency in developing, maintaining, and managing SA&A packages.
- Experience with developing and managing POA&Ms.
- Strong problem‑solving and analysis skills; self‑motivated, and able to work and communicate in a team environment.
- Strong understanding of federal cybersecurity frameworks (e.g., NIST RMF, FIPS‑199, FISMA).
- Experience in developing and maintaining security documentation and plans.
- Experience conducting CPTs.
- Experience conducting audit log reviews.
- Technical experience with conducting vulnerability management, compliance scanning, and providing mitigation techniques.
- Excellent communication and coordination skills with technical and non‑technical stakeholders.
- Ability to manage multiple systems and projects simultaneously in a dynamic environment.
- Excellent written and verbal communication skills.
- At least one (1) certification that meets DoD 8570 IAT Level II (e.g., Security+, GSEC, CASP) or an equivalent or more advanced certification.
- Client Suitability and Public Trust.
- Primary location: Zermount HQ (Arlington, VA) and the Client Site (Washington, D.C.). Remote work is authorized.
- Onsite work at the primary location, occasionally required.
- Business Hours: 8:00 am ET – 5:30 pm ET.
- Mid‑Senior level.
- Full‑time.
- Information Technology.
- Computer and Network Security.