Position SummaryECS is seeking an Information Systems Security Officer (RMF) - Journeyman to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. In this role, the selected candidate will support Task 3 - Cybersecurity Operations Support by executing and sustaining Risk Management Framework (RMF) activities for assigned information systems, maintaining required cybersecurity documentation, coordinating assessments, and helping preserve an auditable security posture across ARNG systems. The ISSO (RMF) works closely with system owners, ISSMs, engineers, and Authorizing Officials as part of ENOCS' broader cybersecurity operations team delivering continuous monitoring, compliance, vulnerability management, and Defensive Cyberspace Operations - Internal Defensive Measures (DCO-IDM) support.
Please Note: This position is contingent upon contract award.This role directly contributes to the protection of ARNG classified and unclassified network environments that support more than 120,000 users and approximately 141,000 endpoints across about 2,800 sites in 54 states and territories. The position helps sustain cybersecurity readiness for Title 10 and Title 32 missions, mobilization readiness, domestic emergency response, and classified SIPRNet operations by maintaining accurate eMASS records, supporting ongoing authorization activities, and aligning RMF execution with the ENOCS cyber environment, including coordination with NETCOM Global Cyber Center, DISA DCDC, and cybersecurity operations that integrate continuous assessment, vulnerability analysis, and approved risk thresholds across the DoDIN-A(NG) area of responsibility.
Responsibilities- Execute RMF activities for assigned systems in accordance with DoD and ARNG cybersecurity policy to support compliant, mission-ready operations across the ENOCS environment.
- Develop, update, and maintain RMF documentation, including System Security Plans (SSPs), Security Control Traceability Matrices (SCTMs), security assessment artifacts, and Plans of Action and Milestones (POA&Ms).
- Maintain accurate eMASS records and supporting authorization documentation throughout the system lifecycle to help sustain Authorization to Operate (ATO) status.
- Coordinate security control selection, implementation validation, and assessment support activities with system owners, ISSMs, engineers, and Authorizing Officials.
- Track remediation actions, document control deficiencies, and verify closure evidence to support continuous monitoring and auditable cybersecurity compliance.
- Support periodic security compliance reviews, vulnerability analysis, and ongoing maintenance of authorization activities in alignment with ENOCS RMF support processes.
- Assist with audit, inspection, and assessment preparation by organizing security artifacts, validating documentation accuracy, and ensuring traceability of corrective actions.
- Contribute to cybersecurity operations supporting classified and unclassified ARNG environments, including systems operating within established hosting platform ATO boundaries and SIPRNet-related mission environments where applicable.
- Coordinate RMF and compliance activities within the broader Task 3 cybersecurity mission supporting 24x7x365 cyber defense operations across the DoDIN-A(NG) area of responsibility in coordination with NETCOM Global Cyber Center and DISA DCDC.
Required QualificationsU.S. Citizenship is required
Security Clearance: Secret Eligible
Required Certifications: DCWF Work Role 722-Information Systems Security Manager - Basic proficiency; must hold ONE OR MORE of the following: CC
Experience: 3+ years of experience in information assurance
- Experience developing and maintaining RMF documentation packages, including SSPs, SCTMs, assessment artifacts, and POA&Ms.
- Experience maintaining cybersecurity authorization records in eMASS and supporting documentation quality throughout the system lifecycle.
- Experience coordinating with ISSMs, system owners, engineers, and Authorizing Officials to resolve findings and support authorization decisions.
- Experience tracking remediation activities and validating security control effectiveness to support continuous monitoring.
- Experience supporting security assessments, compliance reviews, audits, or inspections in a DoD or Federal cybersecurity environment.
- Familiarity with maintaining auditable evidence aligned with ongoing assessment and authorization activities.
