Job Details

Position Summary:

The Information System Security Officer (ISSO) is responsible for ensuring the confidentiality, integrity, and availability of information systems in accordance with DoD cybersecurity policies and standards. The ISSO will provide direct support to system owners in maintaining compliance with applicable cybersecurity frameworks, conducting risk assessments, managing system authorizations, and overseeing continuous monitoring activities.

Key Responsibilities:

• Develop, implement, and manage cybersecurity policies and procedures in compliance with DoD and Navy directives.
• Conduct system security assessments, risk analyses, and vulnerability management to identify and mitigate threats.
• Support the development, review, and maintenance of System Security Plans (SSPs), Security Assessment Reports (SARs), and Plans of Action and Milestones (POA&Ms).
• Participate in system authorization activities, ensuring compliance with DoD RMF (Risk Management Framework) requirements.
• Coordinate with system administrators, network engineers, and program managers to ensure proper implementation of security controls.
• Monitor cybersecurity posture, manage incident response activities, and perform forensic data collection and reporting.
• Provide security awareness and training to staff and end users to promote compliance with cybersecurity best practices.
• Communicate effectively across all levels of the organization regarding cybersecurity posture, incidents, and mitigation actions.

Required Certifications (IAM Level II):

Candidates must meet the DoD 8570.01-M IAM-II baseline certification requirements by possessing one or more of the following:

• CAP
• CASP+ CE
• CISM
• CISSP (or Associate)
• GSLC
• CCISO
• HCISPP

Education:

• Bachelor's degree in Computer Science, Information Technology, Communications Systems Management, or a related STEM discipline from an accredited college or university.

Experience:

• Minimum of six (6) years of experience in:
  • Coordinating and enacting required security changes within various organizational levels to ensure compliance with published cybersecurity policies.
  • Conducting cybersecurity vulnerability and threat analyses.
  • Supporting cyber incident response efforts, including isolation of affected assets, initial investigations, data collection, and status reporting.

Preferred Qualifications:

• In-depth knowledge of DoD Risk Management Framework (RMF) and NIST 800-53 security controls.
• Experience with Navy or DoD information systems and accreditation processes.
• Familiarity with enterprise security tools (e.g., ACAS, HBSS, eMASS).
• Strong written and verbal communication skills, with the ability to brief senior leadership.