Information System Security Officer (Secret Cleared)

Responsibilities:

• System Security & Compliance
• Implement and maintain security controls in accordance with applicable frameworks (e.g., NIST, ISO, CIS)
• Ensure information systems comply with organizational policies, regulatory requirements, and contractual obligations
• Support system authorization activities, including ATO packages, risk assessments, and security documentation
• Conduct continuous monitoring, vulnerability assessments, and security control testing
• Track and remediate Plan of Action & Milestones (POA&Ms)
• Risk Management & Governance
• Identify, assess, and mitigate system-level security risks
• Perform security impact analyses for system changes and enhancements
• Support risk acceptance and exception processes
• Participate in audits, inspections, and security assessments
• Incident Response & Monitoring
• Monitor security alerts and logs; investigate potential security incidents
• Support incident response activities, including containment, remediation, and reporting
• Coordinate with SOC, IT, and system owners during security events
• Documentation & Training
• Develop and maintain System Security Plans (SSPs), policies, procedures, and supporting artifacts
• Provide security guidance to system owners, administrators, and users
• Support security awareness and compliance training initiatives
• Collaboration & Continuous Improvement
• Work with IT and engineering teams to integrate security into system design and operations
• Recommend and implement security improvements and best practices
• Stay current on emerging threats, vulnerabilities, and regulatory changes