Information Systems Security Officer (ISSO)

IBSS

$120K — $145K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • Certification such as CompTIA Security+, CISSP, or GCIH is required, or evidence of progress towards it.
  • Experience advising on IT security solutions within federal projects, including policy development.
  • Thorough understanding of U.S. Federal IT security policies and NIST standards, especially SP 800-53.
  • Familiarity with cybersecurity tools like CSAM/JCAM and vulnerability platforms such as Tenable Security Center.
  • Experience in contingency planning and implementing recovery best practices.
  • Knowledgeable in encryption methodologies for safeguarding data.
  • Strong organizational skills to manage multiple tasks and adapt to changing priorities.

Responsibilities

  • Draft and maintain security policies and documentation for the Tsunami Warning System per federal guidelines.
  • Lead the security authorization process, ensuring high-quality documentation for ATO compliance.
  • Review system security plans and provide constructive feedback for enhancement.
  • Oversee the POA&M lifecycle, including validation and tracking of remediation tasks.
  • Upload and manage security documentation in JCAM, maintaining stringent compliance standards.
  • Develop and conduct annual cybersecurity training for staff and specialized sessions for key roles.
  • Support teams in applying the NIST Risk Management Framework across relevant security controls.

Benefits

  • Medical, dental, vision, and prescription drug coverage with a company-paid deductible.
  • Paid time off and federal holidays.
  • 401K plan with company matching contributions.
  • Tuition and professional development reimbursement options.
  • Flex-Spending (FSA) and Dependent Care Account (DCA) options.

Full Job Description

Job Title: Information Systems Security Officer (ISSO)
Location: Honolulu, HI (100% onsite)
Clearance Required: Public Trust Eligible
Salary Range: $120K - $145K
Application Deadline: June 30, 2026

To apply, please follow these steps:
  • Visit https://ibsscorp.com/careers/
  • Select the position you are interested in
  • Review the job details, then click Apply Now
  • Complete and submit your application

Description: The Information Systems Security Officer (ISSO) serves as the lead cybersecurity practitioner supporting the NOAA National Weather Service (NWS) Tsunami Warning System, a High-impact FISMA system operating under a single ATO that covers both the Pacific Tsunami Warning Center and the National Tsunami Warning Center in Alaska. Working 100% on-site at the Pacific Region Headquarters in Honolulu, the ISSO provides FISMA compliance, security authorization, and continuous monitoring support to the NO CIO, IT Security Officers, and System Owner for a fully on-premises mission-critical system that protects life and property across the Alaska and Pacific Regions. The role requires a self-directed, detail-oriented professional who can independently maintain security documentation, drive POA&M remediation, deliver role-based security training, and produce high-quality artifacts that meet DOC, NOAA, NWS, and NIST Risk Management Framework standards. The ISSO will travel to the Alaska Tsunami Warning Center approximately twice per year and maintain continuity of support during all core HST business hours.

Key Responsibilities:
  • Draft, propose, and maintain IT security policies, procedures, templates, and checklists for the Tsunami Warning System in accordance with DOC, NOAA, NWS, and NIST guidance.
  • Perform full security authorization process activities, including developing and updating high-quality security authorization package documentation (System Security Plan, contingency plan, business impact analysis, backup and recovery plans, contingency plan test plans and reports) and supporting reauthorization activities (current ATO valid through 7/31/2026).
  • Conduct compliance and quality reviews of system security plans, security control implementation descriptions, and contingency planning artifacts; provide written feedback for improvement.
  • Manage the full Plans of Action and Milestones (POA&M) lifecycle, including reviewing closure evidence, validating completeness of content, tracking remediation timelines, and providing monthly status updates; ISSO holds POA&M closure approval authority alongside the ITSO.
  • Upload and maintain all security documentation in the Joint Cybersecurity Assessment and Management (JCAM) system (formerly CSAM).
  • Develop, deliver, and administer role-based IT security training (annual cybersecurity training for ~37 users; specialized training for 6 key security role holders including the Authorizing Official, System Owner, and four system administrators) using PowerPoint presentations, webinars, video conferencing, or instructor-led content.
  • Support ACIO assessment teams in implementing the NIST Risk Management Framework and managing all NIST SP 800-53 security controls applicable to the system.
  • Assist in assembling responses to Office of the Inspector General (OIG), DOC, and NOAA inquiries, audits, and data calls as directed by the Federal IT Security Services Branch (ITSSB).
  • Provide expert advice on IT security solution options for Microsoft Windows and Red Hat Linux environments, including FedRAMP-authorized cloud services in use (ServiceNow, SmartSheet, Google Workspace at Low impact), and assist with risk measurement, migration planning, and implementation of new security tools.
  • Track and report all required metric data on monthly, quarterly, and annual cadences; produce monthly program status reports detailing completed work, milestones, schedule variances, and projected work for the upcoming month.
  • Travel to the National Tsunami Warning Center in Alaska approximately twice annually and participate in the contractor's transition activities (minimum two-week overlap) at contract start and end.

Required Skills/Education/Certifications & Qualifications:
  • Minimum of one (1) of the following professional certifications required or documented evidence of being at least one (1) year into the process of attaining one: CompTIA A+, CompTIA Network+, CompTIA Security+, GIAC Certified Incident Handler (GCIH), GIAC Security Expert (GSE), GIAC Information Security Professional (GISP), GIAC Security Leadership Certification (GSLC), ISC2 Certified Authorization Professional (CAP), ISC2 System Security Certified Practitioner (SSCP), ISC2 Certified Information System Security Professional (CISSP), Certified Information Systems Auditor (CISA), ISACA Certified in Risk and Information System Control (CRISC), Security Certified Network Professional (SCNP), or Security Certified Network Architect (SCNA).
  • Demonstrated prior Federal Government project/contract experience that included (1) advising on IT security requirement solution options and developing supporting documentation/white papers, (2) leading development of solution migration and implementation plans for IT security requirements, and (3) creating IT security policies and procedures.
  • Working knowledge of U.S. Federal IT security policies and implementation standards and comprehensive understanding of NIST guidance, including NIST SP 800-53.
  • Proficiency with industry-standard IT security tools such as Cyber Security Assessment and Management (CSAM/JCAM) and Tenable Security Center (or equivalent vulnerability management platform).
  • Demonstrated experience in contingency planning, backup and recovery best practices, and applying NIST guidance in those areas.
  • Comprehensive understanding of encryption techniques, tools, and best practices for protecting organizational data.
  • Strong interpersonal skills, including demonstrated proficiency in handling multiple concurrent tasks, project and time management, and the ability to efficiently adjust to changing priorities.
  • Ability to work on-site full-time during HST core business hours and maintain uninterrupted coverage; flexibility to travel to Alaska approximately twice per year.

Desired Skills:
  • Higher-tier industry certifications demonstrating advanced cybersecurity expertise, such as CISSP-ISSEP (Information Systems Security Engineering Professional), CISSP-ISSAP (Information Systems Security Architecture Professional), CISSP-ISSMP (Information Systems Security Management Professional), or PMP (Project Management Professional).
  • Hands-on experience administering security for Microsoft Windows and Red Hat Linux systems, or comparable enterprise environments.
  • Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Systems, Information Assurance, Engineering, or a related technical field.
  • Prior ISSO or equivalent FISMA practitioner experience supporting a NOAA, NWS, or Department of Commerce system.
  • Working knowledge of FedRAMP-authorized cloud services in use on the Tsunami Warning System (ServiceNow, SmartSheet, Google Workspace) and the security implications of inheriting controls from FedRAMP Low boundaries.


IBSS offers a competitive benefits package that includes medical, dental, vision, and prescription drug coverage with a company-paid deductible, paid time off, federal holidays, a matching 401K plan, tuition/professional development reimbursement, and Flex-Spending (FSA)/Dependent Care Account (DCA) options.
