Information System Security Officer (ISSO)

Description

Title: Information System Security Officer (ISSO)

Location: Washington, D.C. (Onsite)

Terms: Full-time

Clearance: Active Top Secret with SCI eligibility

Travel: 0%

Position Description

Harmonia is seeking an experienced Information System Security Officer (ISSO) to support a mission-critical operations environment at the Department of State in Washington, DC. The ISSO will be responsible for ensuring compliance with government security policies and standards while providing oversight of system security, assessing risks, and implementing necessary security controls to safeguard classified systems and data. This position requires an active Top Secret clearance with SCI eligibility and U.S. citizenship.

Veterans are encouraged to apply.

Responsibilities:

• Implement and maintain security controls in accordance with government regulations, such as NIST 800-53, FISMA, and DoD Risk Management Framework (RMF).
• Monitor, evaluate, and maintain the security posture of systems, ensuring compliance with Security Technical Implementation Guides (STIGs) and other relevant security requirements.
• Develop and update System Security Plans (SSPs), Risk Assessments, Plan of Action and Milestones (POA&Ms), and other documentation to reflect the current system security state.
• Collaborate with system administrators, network engineers, and other IT staff to identify, mitigate, and document risks associated with system vulnerabilities and security threats.
• Ensure continuous monitoring of systems by reviewing audit logs, conducting vulnerability scans, and assessing the effectiveness of existing security controls.
• Provide support for security assessments and accreditation processes, ensuring that security controls are properly implemented and verified.
• Lead security control assessments and assist with audits and inspections from internal and external agencies.
• Serve as the point of contact for all system security-related matters and provide guidance to system owners on maintaining compliance with security regulations.
• Conduct regular security briefings and training to staff on the importance of maintaining security best practices within the SCIF environment.
• Respond to and manage security incidents, coordinating with relevant stakeholders to perform root cause analysis and remediation.
• Ensure that systems and networks comply with the Continuous Monitoring Program (CMP) and Incident Response Plan (IRP) for rapid detection and response to security events.

Required Qualifications

• Active Top Secret clearance with SCI eligibility is required.
• 5 years hands-on experience with security controls and compliance frameworks (e.g. Risk Management Framework (RMF), NIST, FISMA, etc.), developing and maintaining System Security Plans (SSPs), Plan of Action and Milestones (POA&Ms) and other security documentation.
• Strong understanding of Security Technical Implementation Guides (STIGs) and hardening of systems.
• Strong experience as an Information System Security Officer (ISSO) or similar role within a SCIF or other highly secure government environments.
• Proven ability to implement, manage, and monitor security controls, assess vulnerabilities, and mitigate security risks.
• Hands-on experience with vulnerability management tools, SIEM solutions, and continuous monitoring technologies.
• Familiarity with security incident response procedures, including root cause analysis and remediation.
• Strong analytical and problem-solving skills with attention to detail.
• Excellent communication and collaboration skills to work effectively with technical teams and senior leadership.

Desired Qualifications

• Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA).
• Experience with classified systems accreditation processes and Continuous Diagnostics and Mitigation (CDM).
• Familiarity with security automation tools and processes.