Information Systems Security Officer

Information Systems Security Officer (ISSO)

Role Description

The Information Systems Security Officer (ISSO) provides cybersecurity compliance, Risk Management Framework (RMF) implementation, and system authorization support to ensure the customer system meets Department of Defense (DoD) cybersecurity requirements. The ISSO serves as the primary interface between engineering, testing, and authorization stakeholders to ensure all security controls are properly implemented, documented, and assessed.

Remote, 10% travel required

Key Responsibilities

RMF Implementation & Authorization Support

• Support RMF lifecycle activities in accordance with DoDI 8510.01 
• Assist with system categorization and control selection (NIST SP 800-53) 
• Develop and maintain RMF artifacts including: 
• System Security Plan (SSP) 
• Plan of Action & Milestones (POA&M) 
• Security Control Traceability Matrix (SCTM) 
• Security CONOPS (SECONOPS) 
• Incident Response Plan (IRP) 
• Coordinate with Authorizing Official (AO), Security Control Assessor (SCA), and Government stakeholders 

Security Control Implementation & Validation

• Document implementation of security controls, 
• Validate control inheritance from Government Furnished Equipment (GFE)
• Ensure alignment between system architecture and cybersecurity requirements 
• Support assessment readiness for cyber test events (CVI, CVPA, ACDT, AA) 

eMASS & Compliance Management

• Maintain the system Body of Evidence within eMASS 
• Track control implementation status and associated artifacts 
• Ensure all documentation is complete, current, and audit-ready 
• Support continuous updates based on testing results and design changes 

Integration with Testing & Engineering

• Incorporate findings from: 
• Cyber test events 
• MBCRA and CTT activities 
• Translate technical findings into RMF-relevant documentation updates 
• Support risk determination and mitigation tracking 
• Ensure vulnerabilities are properly reflected in POA&M entries 

Continuous Monitoring & Risk Management

• Develop recommendations for continuous monitoring strategy 
• Track and report cybersecurity risks to program leadership 
• Support mitigation planning and validation 
• Provide input into system design decisions to reduce cyber risk 

Minimum Qualifications

• Bachelor’s degree in Cybersecurity, Information Systems, Engineering, or related field 
• 10+ years of experience supporting DoD cybersecurity programs 
• Demonstrated experience with RMF (DoDI 8510.01) implementation 
• Hands-on experience with eMASS 
• Knowledge of NIST SP 800-53 security controls 
• Experience supporting ATO or interim authorization efforts 

Preferred Qualifications

• Active Secret or Top Secret clearance 
• Professional certifications such as: 
• CISSP 
• CAP (Certified Authorization Professional) 
• Security+ (DoD 8570 compliant) 
• Experience with tactical or embedded systems 
• Familiarity with Army cybersecurity processes and interoperability testing 

At SIXGEN, we are committed to fair and equitable compensation practices. The anticipated salary range for this role is $150,000-$160,000 per year, depending on experience and qualifications. This range reflects our compensation philosophy, which takes into account various factors including the candidate's relevant experience, education, skills, LCATs rates and position level, and market competitiveness.  In addition to base salary, employees may be eligible for other forms of compensation to include our growth incentive program, incentives and benefits. The final salary offer will be determined after a thorough review of the candidate's background and alignment with the role. Please note that this range is subject to change and should be considered as a guideline rather than a definitive figure.