
Lead Information Systems Security Officer (ISSO)

United States, Colorado Springs · Employment contract · 97016.00 - 168692.00 USD / Year · Job Posted June 02, 2026

Job Description

We are seeking an experienced and driven Lead Information Systems Security Officer (ISSO) to guide and oversee the design, implementation, and continuous improvement of our USSF customer's information security program in CO Springs, CO. The Lead ISSO will serve as a critical point of contact for all security-related matters and be responsible for ensuring compliance with organizational, customer, and regulatory security requirements. In this leadership role, you will manage a team of cybersecurity professionals, lead security initiatives, oversee risk management, and act as a key advisor on security policies and processes.

Job Responsibility

  • Manage and oversee a team of ISSOs, analysts, and engineers
  • Provide mentorship, training, and guidance for developing team members' skills and expertise
  • Assign and prioritize security-related tasks and initiatives
  • Drive the implementation of best practices for system security
  • Serve as the primary SME on security policies, frameworks, and applicable standards
  • Develop, implement, and maintain System Security Plans (SSPs)
  • Lead periodic risk assessments and vulnerability assessments
  • Manage the certification and accreditation (C&A) process
  • Conduct security audits and reviews
  • Monitor and assess security-related control systems
  • Oversee system security measures
  • Manage handling of security incidents
  • Monitor security logs and review system audit trails
  • Maintain Incident Response and BCDR frameworks
  • Collaborate with system owners, administrators, and vendors
  • Provide security awareness training
  • Act as primary liaison with external auditors
  • Draft, implement, and enforce security policies
  • Create and maintain systems documentation
  • Stay current with emerging cybersecurity threats

Requirements

  • Bachelor’s degree (8-10 years' exp), Master's degree (6-8 years' exp), or a PhD (3-5 years' exp) in Computer Science, Information Security, Cybersecurity, or a related discipline (or equivalent work experience)
  • 7+ years of experience in cybersecurity or system security-related roles
  • 3+ years of experience in leadership, mentoring, or team management roles in a security-focused environment
  • Proven hands-on experience with security operations, policies, and frameworks
  • Must possess and maintain an ACTIVE TS/SCI CLEARANCE
  • Strong knowledge of cybersecurity frameworks and standards, such as NIST Risk Management Framework (RMF), FISMA, ISO 27001/27002, and GDPR
  • Thorough understanding of operating systems security (Windows, Linux, and Unix), network protocols, and security tools such as firewalls, VPNs, IDS/IPS, and endpoint protection
  • Experience using vulnerability scanning tools such as Nessus, Qualys, or Rapid7, and security information and event management (SIEM) tools like Splunk or LogRhythm
  • Scripting and automation experience with languages like Python, PowerShell, or Bash is preferred
  • Familiarity with cloud security best practices for platforms such as AWS, Microsoft Azure, or Google Cloud Platform
  • Demonstrated experience implementing and managing risk management processes, including vulnerability and threat assessments, risk remediation planning, and reporting to leadership teams
  • Proven success in preparing for and passing third-party IT audits or certifications (e.g., FISMA audits, SOC 2 audits, etc.)
  • Solid understanding of authentication mechanisms (Active Directory, SSO, MFA), encryption standards (TLS, AES), and secure data management principles
  • Proven leadership experience managing teams of cybersecurity professionals and fostering collaboration across departments
  • Ability to work cross-functionally to influence security decisions and communicate complex technical issues to non-technical stakeholders
  • Strong ability to evaluate risks and vulnerabilities, mitigate threats, and respond to incidents with urgency and precision
  • Analytical skills to correlate security events and identify potential sources or anomalies

Nice to have

  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Systems Auditor (CISA)
  • Certified Information Security Manager (CISM)
  • GIAC Security Essentials (GSEC)
  • AWS Security Specialty
  • CRISC (Certified in Risk and Information Systems Control)
  • Knowledge and experience with zero-trust architecture principles
  • Experience with DevSecOps and integrating security into CI/CD pipelines
  • Familiarity with tools such as AWS Config, Azure Security Center, or Google Cloud Security Command Center

What we offer

  • Health Insurance
  • Life Insurance
  • Paid Time Off
  • Holiday Pay
  • Short Term and Long-Term Disability
  • Retirement and Savings
  • Learning and Development opportunities
  • Wellness programs

Similar Jobs for Lead Information Systems Security Officer (ISSO)

8 matching positions

Senior Information System Security Officer

We are seeking a highly skilled and mission-driven Senior Information Systems Se...
Location
United States, Clarksburg
Salary
Not provided
Innovative Management & Technology Services
Expiration Date
Until further notice
Requirements
  • Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or a related field (or equivalent combination of education and experience)
  • 8+ years of progressive experience in information systems security, with at least 3 years in a senior-level or lead ISSO role supporting federal or state government agencies
  • Strong working knowledge of: NIST 800-53, RMF, FISMA, OWASP Top 10, and SANS Institute standards
  • SAFe Agile environments and integrating security in Agile workflows
  • Networking, Linux/Windows system administration, and secure software development practices
  • Cloud platforms (AWS, Azure, GCP) and related security tools (e.g., AWS Security Hub, Azure Defender)
  • Experience in managing security documentation, participating in audits, and working with compliance frameworks
  • Relevant certifications such as CISSP, CISM, Security+, CEH, or equivalent
  • Active Top Secret clearance is required
  • U.S. Citizenship is required
Job Responsibility
  • Lead the implementation and maintenance of system security controls in compliance with federal cybersecurity frameworks, including NIST SP 800-53, RMF, OWASP, DISA STIGs, and Common Criteria
  • Oversee the full lifecycle of Authorization to Operate (ATO) processes, including preparation of System Security Plans (SSPs), Security Assessment Reports (SARs), POA&Ms, and risk assessments
  • Serve as a senior security advisor and liaison to system owners, developers, DevOps engineers, and government stakeholders
  • Participate in technical reviews of system architecture and ensure secure design of virtualized and software-defined infrastructures
  • Support integration of security controls into CI/CD pipelines using DevSecOps principles and tools (e.g., Jenkins, GitLab CI, SonarQube, Snyk)
  • Provide security engineering support for modern cloud environments, including AWS, Azure, or Google Cloud Platform, and assess cloud-native security capabilities
  • Conduct vulnerability assessments, interpret scan results from tools like Tenable, Nessus, Splunk, or Qualys, and lead remediation efforts
  • Mentor junior ISSOs and analysts on security policies, best practices, and tool usage
  • Ensure continuous monitoring activities are aligned with organizational risk tolerance and compliance goals
What we offer
  • competitive compensation
  • excellent benefits including tuition reimbursement and employer-contributed 401K
  • referral bonuses
  • Fulltime

SCIF Manager / Information System Security Officer

Astrion has an exciting opportunity for an SE-3 SCIF Manager/ ISSO Mid-Level at ...
Location
United States, Eglin Air Force Base
Salary
Not provided
Astrion
Expiration Date
Until further notice
Requirements
  • Bachelor's degree in a technical discipline and a minimum of 3 years of technical experience. Additional experience may be substituted for education
  • Active Top Secret, Top Secret/SCI eligibility required
  • U.S. Citizenship is required
  • Must possess a DOD 8140, DoD Cybersecurity Workforce Framework (DCWF) certification or higher
  • As the SCIF Manager – knowledgeable professional with a solid background in secure facility operations and national security compliance
  • As the ISSO - experience with implementing and maintaining security controls
  • Experience in monitoring the systems for vulnerabilities and ensuring that all security patches and updates are applied
  • Understanding of Air Force cybersecurity policies and procedures using Air Force guidance
  • Organized, detail-oriented expert capable of maintaining the highest standards of information security while managing complex facility requirements
  • Excellent communication and customer interface skills
Job Responsibility
  • Respond to Information System Security Manager’s guidance in maintaining compliance with system security requirements
  • Lead the daily operations, maintenance, and security of Sensitive Compartmented Information Facilities (SCIFs), ensuring all systems comply with applicable security protocols and federal guidelines, including ICD 705, NISPOM, and DoD regulations
  • Implement and maintain security controls for information systems within the SCIFs
  • Monitor the systems for vulnerabilities and ensure that all security patches and updates are applied
  • Assist with the implementation and enforcement of all Air Force cybersecurity policies and procedures using Air Force guidance
  • Accomplish cybersecurity incident monitoring and response
  • Manage multiple SCIF accreditation processes from start to finish, including coordination with accrediting authorities, documentation preparation, inspections, and audits
  • Establish and enforce physical and technical security standards within SCIF environments
  • Ensure strict control over access, surveillance systems, secure communications, TEMPEST requirements, and secure storage
  • Lead and mentor personnel involved in SCIF operations, including special security representatives and facility support staff
What we offer
  • Competitive salaries
  • Continuing education assistance
  • Professional development
  • Multiple healthcare benefits package options
  • 401K with employer matching
  • Competitive time off policy along with a federally recognized holiday schedule
  • Fulltime

Secops Lead

Serves as the Lead Cybersecurity Operations (SECOPS) contractor, providing senio...
Location
United States, Washington, DC
Salary
Not provided
AAC
Expiration Date
Until further notice
Requirements
  • Demonstrated ability to guide technical discussions and provide expert advisory support to senior government officials, including the CISO, system owners, SOC staff, and executive leadership, while operating under government direction
  • Proven experience as a SOC Lead or Senior Team Lead, successfully coordinating with managed security service providers (MSSPs) and external cybersecurity partners (e.g., CISA, CYBERCOM) in support of incident response (IR), incident handling (IH), and vulnerability management (VM) activities, including mitigating actions to contain activity and facilitating forensics analysis when necessary
  • Documented experience conducting and guiding in-depth technical evaluations of INFOSEC, IT security, and cybersecurity tactics, techniques, and procedures (TTPs), including their impact on baseline system configurations
  • Demonstrated proficiency providing cybersecurity posture assessments, hygiene reporting, and technical input in support of Governance, Risk, and Compliance (GRC) activities and continuous monitoring programs
  • Experience providing incident response support to network subscribers, including recommending mitigating actions, supporting containment efforts, and facilitating forensic analysis under government oversight
  • Demonstrated expertise in log-based and endpoint-based threat detection, threat hunting, and analysis across multiple threat sources
  • Strong technical knowledge of web services security, Microsoft cloud environments (Azure, M365), and modern enterprise security architectures
  • Advanced experience evaluating the security of complex web portals, APIs, and databases (e.g., Java, Ruby, SQL, Oracle) using commercial and open-source security assessment tools such as SQLmap and mongoaudit
  • Near-expert proficiency in: Web application security testing frameworks (e.g., NMAP, W3af)
  • Continuous monitoring and remediation tools (e.g., Azure Security Center, Defender for Cloud, Qualys, Wireshark)
Job Responsibility
  • Serves as the Lead Cybersecurity Operations (SECOPS) contractor, providing senior-level technical leadership and operational support to the Agency’s IT Security Program
  • Supports and coordinates SECOPS activities under government direction and maintains technical inputs to the Agency’s IT Security Program
  • Provides senior technical advisory support to the Chief Information Security Officer (CISO) on developments in cybersecurity, information security (INFOSEC), and IT security, including emerging threat vectors, advanced persistent threats (APTs), attack surface analysis, and identified weaknesses
  • Supports Agency-level technical implementation of approved cybersecurity policies, standards, and directives by developing technical documentation, implementation guidance, and draft procedures for government review and approval
  • Leads day-to-day contractor cybersecurity operations activities within the SECOPS function, supporting government-led oversight of systems and services that impact the Agency’s mission and critical infrastructure
  • Implements and administers cybersecurity incident handling (IH) and incident response (IR) capabilities, including SIEM dashboards, detection inputs, incident response playbooks, and operational metrics, to improve efficiency and effectiveness of security operations
  • Facilitates and coordinates SECOPS activities in support of the Agency’s Information Security (INFOSEC) Program, assisting Agency system security personnel and Information System Security Officers (ISSOs)
  • Serves as the senior technical advisor for threat, vulnerability, and configuration management activities, providing threat intelligence analysis, mitigation recommendations, and defensive strategy insights to Agency stakeholders
  • Fulltime

Information Systems Security Officer

StraitSys is seeking an Information Systems Security Officer. In this role, you ...
Location
United States, Huntsville
Salary
Not provided
Yulista Holdings
Expiration Date
Until further notice
Requirements
  • Ability to lead an Army program to meet all documentation, artifact, and eMASS cyber security management requirements to achieve an Authority to Operate (ATO) for an Army tactical system
  • Skilled in providing technical support in the areas of vulnerability assessment, risk assessment, network security, product evaluation, and security implementation
  • Versed in design of information system contingency plans and other deliverables which maintain appropriate levels of protection and meet time requirements for minimizing operations impact to customer organization as well as Security Authorization and Assessment (A&A) processes
  • Strong writing skills to develop and maintain System Security Plans (SSP), Contingency Plans, Privacy Impact Assessments, Certification Reports, Accreditation Reports, Plan of Action & Milestones (POA&M), and other C&A documentation
  • Demonstrates oral and written communication skills to work closely with all levels of personnel involved in IT operations and technical aspects of systems
  • Familiarity with security policies & guidance documents to assist with the preparation and maintenance of process artifacts and traceability documents purposed for compliance with Authority to Operate (ATO) requirements
  • Must be a US Citizen
  • Active Secret Clearance
  • Greater than one-year minimum practical experience as an ISSO familiar with eMASS, ACAS/ Nessus scans, applying STIGs, etc.
  • Familiarity with cybersecurity and IT security matters, including documentation requirements and security control implementation
Job Responsibility
  • Supports all aspects of Risk Management Framework (RMF) processes tailored to include minimum cybersecurity standards and demonstrate competency with specific experience in Cyber Security, Engineering, Test & Evaluation (T&E), and/or Security Control Assessor (SCA) under a Certification & Accreditation (C&A) and/or Assessment & Authorization (A&A) process
  • Function as a representative for cybersecurity matters, including reporting requirements, data calls, Army CIO requirements, as well as legal and compliance matters relating to IT security
  • Design, implementation, and support of cybersecurity artifacts
  • Actively participate in IT and security meetings
  • Manage the ATO process for Army tactical missile systems and assets, including control implementation and documentation
  • Conducts testing and audit log reviews to evaluate the effectiveness of current security measures. Directs and implements the necessary controls and procedures to cost-effectively protect information systems assets from intentional or inadvertent modification, disclosure, or destruction
  • Monitors security of electronic data, application system usage, networks, and physical environment
  • Evaluate security solutions to ensure they meet security requirements for processing up to classified information and supervise and/or maintain the operational security posture for an information system or program
  • Fulltime

Cybersecurity Engineer, Mid

Are you looking for an opportunity to share your cybersecurity experience to pro...
Location
United States, Fort Meade
Salary
99000.00 - 225000.00 USD / Year
Booz Allen Hamilton
Expiration Date
Until further notice
Requirements
  • 5+ years of experience with information assurance or cybersecurity
  • Experience serving as an Information Systems Security Officer (ISSO) or Governance, Risk, and Compliance specialist
  • Experience with the Cybersecurity Assessment and Authorization process to manage and administer an Authority to Operate (ATO) to maintain compliance with DoD, NIST, and RMF requirements
  • Experience utilizing the Enterprise Mission Assurance Support Service (eMASS) to address security controls, create POA&Ms, and upload artifacts such as STIG checklists and ACAS scans
  • Experience reviewing vulnerability documentation and developing Plan of Action and Milestones (POA&M) or courses of action to remediate findings
  • Knowledge of NIST SP 800-53 Rev 5 transition requirements and planning of implementation strategies
  • Ability to collaborate with program management office representatives such as ISSM, ISSE, assessors, systems architects, and systems engineering to manage accreditation
  • Secret clearance
  • Bachelor's degree
  • Cybersecurity Certification
Job Responsibility
  • Implement security solutions compliant with DoD, NIST, and RMF directives
  • Apply advanced skills and extensive technical expertise to solve complex cybersecurity challenges
  • Assess cybersecurity requirements, develop courses of action and POA&Ms, and proactively engage with clients and cybersecurity stakeholders to implement effective solutions
  • Prepare reports to inform and advise senior technical staff and management both verbally and in writing
  • Consistently coalesce with the systems security engineering team to prioritize and align system hardening activities to mitigate system vulnerabilities
  • Lead tasks such as planning, execution, staff oversight, and status reporting for an enterprise-level program management office
  • Utilize strong leadership skills and independence to work in a client-facing environment and mentor subordinate team members
  • Engage effectively with clients to understand their needs and provide viable cybersecurity solutions
What we offer
  • health
  • life
  • disability
  • financial
  • retirement benefits
  • paid leave
  • professional development
  • tuition assistance
  • work-life programs
  • dependent care
  • Fulltime

Vulnerability Management Lead, Information System Security Officer

Vulnerability Management Lead, Information System Security Officer (ISSO) will s...
Location
United States, Lexington Park
Salary
100000.00 - 145000.00 USD / Year
KAIROS Inc
Expiration Date
Until further notice
Requirements
  • Strong customer relations, analytics, documentation skills
  • Self-starter, highly motivated, strong work ethic with a commitment to quality
  • Microsoft Office suite proficiency, i.e., Word, Excel, PowerPoint
  • Ability to work within a challenging, fast-paced, team-oriented environment
  • Ability to work independently
  • Ability to multi-task and meet competing, deliverable deadlines
  • Detail oriented
  • Excellent interpersonal and customer service skills
  • Excellent verbal and written communication skills to provide clear status and/or communicate issues
  • Ability to adapt to evolving technology
Job Responsibility
  • Assess and validate PMA-268 RMF packages (Authorizations to Operate (ATOs) and Interim Authorizations to Test (IATTs))
  • Coordinate development of the Security Assessment Plan (SAP) with Integrated Product Team (IPT) SSE and system ISSO
  • Submit SAP for approval
  • Execute the SAP
  • Provide a summary of failed controls in Enterprise Mission Assurance Support Service (eMASS) (Risk Assessment)
  • Complete the Security Assessment Report (SAR)
  • Provide POA&M update recommendations to the PMA/IPT based on assessment results
  • Ensure traceability of all vulnerabilities from raw assessment results to the POA&M
  • Support Continuous Monitoring (ConMon) activities (e.g. annual security reviews, system/changes/ Memorandums for the Record (MFRs))
  • Create consolidated list of mitigation statements for POA&Ms (unclassified) to assist ISSOs with established mitigation statements for common non-compliant security controls
What we offer
  • Medical Coverage
  • Employer Paid Dental, Vision, Basic Life/AD&D, Short-Term/Long-Term Insurance
  • Health Savings Account with Contribution by Employer
  • 401K Plan with Employer Matching
  • Annual Discretionary Bonuses
  • Paid Time Off
  • Eleven (11) Paid Holidays
  • Certification reimbursement program
  • Tuition Reimbursement Program
  • Paid Parental Leave
  • Fulltime

Program Manager

Come join our growing team and make a difference every day! AnaVation is seeking...
Location
United States, Washington, DC
Salary
Not provided
AnaVation
Expiration Date
Until further notice
Requirements
  • Bachelor’s or master’s degree in Project Management, Information Systems, Cybersecurity, Business Administration, or a related field preferred
  • In lieu of a degree, at least ten (10) years of progressively responsible program management experience in federal IT or cybersecurity environments is required
  • A minimum of eight (8) years of overall experience
  • At least five (5) years of experience managing cybersecurity and Governance, Risk, and Compliance (GRC)-specific programs on large federal enterprise systems
  • Project Management Professional (PMP) certification is required
  • Certified Information Systems Security Professional (CISSP) certification is required
  • Proven experience leading cross-functional technical teams in a cybersecurity or RMF-compliant environment
  • Project or task management experience and the ability to perform standard project management tasks
  • Must have excellent written and verbal communication skills and the ability to produce deliverables of high quality without oversight
  • Strong understanding of NIST SP 800-53, RMF, FISMA, federal cybersecurity policy, ATO processes, etc.
Job Responsibility
  • Provide overall program leadership and oversight across all contract activities
  • Manage day-to-day operations, team schedules, and performance metrics
  • Serve as the primary interface with stakeholders, including the COR and GTM
  • Ensure timely submission of weekly activity reports, deliverables, and quality control plans
  • Develop and execute transition plans, staffing plans, and strategic recommendations
  • Monitor financial status, operational risks, and program milestones
  • Review ISSO outputs for completeness, accuracy, and compliance with RMF and standards
  • Coordinate training, leave schedules, and ensure contract staffing remains at required levels
  • Lead quality assurance activities and maintain program documentation
  • Evaluate and support special projects to enhance program efficiency or cybersecurity posture
What we offer
  • Generous cost sharing for medical insurance for the employee and dependents
  • 100% company paid dental insurance for employees and dependents
  • 100% company paid long-term and short term disability insurance
  • 100% company paid vision insurance for employees and dependents
  • 401k plan with generous match and 100% immediate vesting
  • Competitive Pay
  • Generous paid leave and holiday package
  • Tuition and training reimbursement
  • Life and AD&D Insurance
  • Fulltime

Navy Qualified Validator

Synectic Solutions seeks a Navy Qualified Validator to join our team supporting ...
Location
United States, Corona
Salary
140000.00 - 150000.00 USD / Year
Synectic Solutions Inc
Expiration Date
Until further notice
Requirements
  • Must be on the NQV List or, if moved to inactive, have been on the NQV List within the last 18 months where reactivation can be obtained (alternatively, equivalent experience as an ISSO will also be considered)
  • Must have an active DoD Secret Clearance
  • 10+ Years and bachelor’s degree in Information Systems, Engineering, Computer Science, or Business or similar field
  • Nessus/ACAS Scanner Experience - ACAS dashboard, setup, ability to run scans, ability to troubleshoot scanner and scanner results
  • NIST/STIG Experience - Experience with STIG Viewer/validation/analyzing and compiling results into a POA&M
  • RMF Experience - Experience with eMASS, Artifacts, Test Plans, Control Assessments, and compiling tools to process and collate test results
  • CISSP Certification/IAT Level II Certified
  • Ability to provide presentations to senior level staff
  • Advanced level skills in Microsoft Office software suite - Word, Excel, Outlook, PowerPoint
  • Ability to communicate effectively with all levels of employees, Government personnel, and other stakeholders
Job Responsibility
  • Act as Validator for all RMF packages for the NSWC Corona – Corona Division
  • Serve as portfolio SME for the Portfolio Information Systems Security Manager (ISSM) in compliance reviews of systems
  • Manage, track and delegate all cybersecurity actions for division
  • Contribute to the development of cybersecurity policies and procedures
  • Responsible for reviewing, assessing, and managing cybersecurity risks
  • Responsible for the management of Risk Management Framework (RMF) best practices to attain/ maintain continuous Authority-to-Operate (ATO) capability
  • Ensure the cybersecurity posture of assigned projects
  • Direct RMF continuous ATO attainment/maintenance
  • Research National Institute of Standards and Technology (NIST), DoD and Navy Guidance on Cybersecurity and related topics in response to requests for data or information related to cybersecurity topics, posture, impacts, or issues and reviews
  • Review architectures and designs for cybersecurity compliance and provide recommendations
  • Fulltime