Information System Security Officer

We are seeking an experienced Information System Security Officer (ISSO) to support and maintain compliance for cloud systems operating under the Federal Risk and Authorization Management Program (FedRAMP). The ISSO will oversee compliance with NIST SP 800-53 security controls, support system authorization activities, and sustain the overall security posture of assigned information systems, while ensuring alignment with additional industry frameworks such as ISO and SOC 2. This role requires strong collaboration across technical, operational, customer, and vendor teams to support business objectives while maintaining regulatory compliance and risk management standards.

• →Implement, assess, and monitor security controls in accordance with NIST SP 800-53 and FedRAMP requirements.
• →Maintain and update System Security Plans (SSPs), Security Assessment Reports (SARs),
• →Plans of Action and Milestones (POA&Ms), and other authorization artifacts.
• →Support FedRAMP authorization and continuous monitoring activities, including
• →Conduct security control assessments, vulnerability assessments, and risk analyses.
• →Coordinate with system owners, engineers, external assessors (3PAOs), customers, and
• →Interface with customers to address security and compliance inquiries, communicate risk
• →Conduct vendor and third-party security reviews, including due diligence assessments,
• →Support incident response activities, including reporting and documentation per federal
• →Review system changes for security impact and participate in configuration control
• →Ensure compliance with federal policies, agency-specific requirements, and internal
• →Support alignment and crosswalk efforts between FedRAMP/NIST controls and
• →Engage stakeholders across technical and business functions with clear, concise communication to support informed risk-based decision-making in the best interest of the organization.
• →Provide security guidance and recommendations that balance compliance requirements, operational efficiency, and business priorities.

• Bachelor’s degree in Management of Information Systems (MIS), Cybersecurity, or related field (or equivalent experience).
• 3–5+ years of experience in information security, with at least 2 years supporting FedRAMP or federal compliance frameworks.
• Strong knowledge of NIST controls and FedRAMP Moderate baselines.
• Experience developing and maintaining ATO packages.
• Experience mapping or harmonizing controls across multiple frameworks (e.g., NIST, ISO, SOC 2). Experience conducting vendor risk assessments and third-party security evaluations.
• Ability to communicate technical and compliance concepts effectively to both technical and non-technical stakeholders.

• Active Security Clearance
• Professional certifications such as CISA, CAP, and/or Security+.
• Experience working with FedRAMP-authorized systems or within a federal agency.
• Experience supporting customer audits, compliance reviews, or external stakeholder engagements.