ASRC Federal Technology Solutions is looking for an experienced Information Systems Security Officer (ISSO) responsible for ensuring the confidentiality, integrity, and availability of information systems by implementing and maintaining security controls in compliance with organizational policies, federal regulations, and industry standards. The ISSO serves as a key member of a small cybersecurity team and must be independently motivated to ensure the protection of key system while working closely with the client to maintain expectations. Responsible for overseeing the security posture of assigned systems, conducting risk assessments, and ensuring compliance with frameworks such as NIST, FISMA, and FedRAMP. Hybrid work schedule (onsite 3-days a week, Washington, DC). **Responsibilities**: - Experienced developing, implementing and maintaining System Security Plans (SSPs) for assigned information system(s). - Monitor and evaluate system security controls, on a daily/weekly/monthly frequency, to ensure ongoing compliance with organizational and regulatory requirements. - Conduct regular security assessments, evaluate vulnerability scans, and monitor audits to identify and mitigate risks. - Experienced with applying the NIST SP 800-53, Security and Privacy Controls for Information Systems and Organizations document. - Work closely with technical staff to explain and interpret NIST security controls to address both obvious and interpreted control requirements. - Coordinate with system owners and stakeholders to address security vulnerabilities and implement corrective actions. Briefing leadership on ongoing system risk posture. - Maintain Plan of Actions and Milestones (POA&M) to track and resolve security weaknesses. - Respond to compliance reporting requirements for system performance. - Ensure systems comply with federal regulations (e.g., FISMA, FedRAMP) and organizational policies. - Prepare and submit security documentation, including Authorization to Operate (ATO) and Authorization to Test (ATT) packages, to authorizing officials. - Provide ongoing reports on system security status, incidents, and compliance to leadership and auditors. Escalating concerns before missing deadlines or significant change in risk posture. - Incident Response and Recovery: - Support incident response activities, including identification, containment, and remediation of security incidents. - Document and report security incidents in accordance with organizational incident response plans. - Participate in tabletop exercises and post-incident reviews to improve security processes. **Required Skills:** - Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent experience). - 8 years of experience in cybersecurity, information assurance, or a related field. - Experience with security frameworks such as NIST 800-53, FISMA, and FedRAMP. - Prior experience as an ISSO supporting system security authorization processes. Preferred certifications include CISSP, CISA, CISM, CompTIA Security+, CAP, or other relevant cybersecurity certifications. **Skills and Abilities:** - Strong knowledge of cybersecurity principles, risk management, and security controls. - Proficiency in security tools (e.g., Nessus, Splunk, or similar). - Excellent analytical, problem-solving, and communication skills. - Ability to work independently and collaboratively in a fast-paced environment. **Clearance:** Ability to obtain a DOE Q Clearance (TS Equivalent). We invest in the lives of our employees, both in and out of the workplace, by providing competitive pay and benefits packages. Benefits offered may include health care, dental, vision, life insurance; 401(k); education assistance; paid time off including PTO, holidays, and any other paid leave required by law. The salary offered will depend on several factors including, but not limited to, relevant experience, skills, education, geographic location, internal equity, business needs, and other factors permitted by law. Posted pay ranges are a general guideline only and are not a guarantee of compensation or salary.