Information System Security Officer (ISSO)

About the OrganizationNow is a great time to join Redhorse Corporation. Redhorse specializes in developing and implementing creative strategies and solutions with private, state, and federal customers in the areas of cultural and environmental resources services, climate and energy change, information technology, and intelligence services. We are hiring creative, motivated, and talented people with a passion for doing what's right, what's smart, and what works.
About the RoleRedhorse is seeking a highly skilled Information System Security Officer (ISSO) to provide critical cybersecurity support to the 704th MI BDE at Fort Meade, MD. This crucial role ensures the confidentiality, integrity, and availability of sensitive information systems by implementing and maintaining robust security controls. The successful candidate will play a vital part in safeguarding national security, working alongside a team of cybersecurity professionals to protect critical military assets. This is a chance to make a significant contribution to a vital mission.

Key Responsibilities

• Perform the duties of an Information System Security Officer (ISSO) as defined in AR 25-2, DA 25-2-14, and the NIST SP 800-53 security controls when the organizationally defined personnel includes the ISSO.
• Conduct Risk and Vulnerability Assessments, perform Security Architecture Reviews and System Security Engineering while simplifying Risk Management Framework (RMF) for DoD Information Technology execution, employing innovative approaches for managing risk, and increasing the level of automation when carrying out specific tasks.
• Actively manage the organization’s Enterprise Mission Assurance Support Service (eMASS) records, including:
• Validating security controls and associated artifacts.
• Assessing security scan results and STIGs as required.
• Performing POA&M updates, tracking, and resolution.
• Lead continuous monitoring activities of the organization.
• Collaborate with the O-ISSM on all assessment and authorization activities to ensure information systems maintain an Authority to Operate (ATO) on all applicable DoD/IC networks.
• Maintain up-to-date status on all assigned systems and communicate status to Government leads.
• Maintain complete records of communications, submit written status reports as required, perform peer-review as directed, and attend weekly meetings.
• Correspond with the Government customer and system administrators to communicate any unacceptable risks identified and correct deficient POA&M items to meet DoD and IC standards.
• Coordinate with the Security Control Assessor (SCA) to perform analysis of the overall risk level the system poses to enterprise networks and mission data.
• Create and maintain cybersecurity policies and standards.
• Ensure that cybersecurity plans, controls, processes, standards, policies, and procedures are aligned with cybersecurity standards.
• Ensure security scans and STIG checklists are updated according to DA G2 policy.
• Produces actionable, risk-based reports on security assessment results.
• Assists with vulnerability remediation when necessary.
• Develops and maintains security plans and security testing plans.
• Periodically updates and improves risk models; metrics; reports; processes; and activities to stay compliant with evolving DoD and IC standards.
• Ensures the user community understands and adheres to necessary procedures to maintain security posture of the information systems.
• Provide guidance in the creation and maintenance of Standard Operating Procedures (SOPs); Tactics, Techniques, and Procedures (TTPs); and other similar documentation.

Required Experience/Clearance

• Bachelor’s degree in an area of Science, Technology, Engineering or Mathematics with at least 5 years’ experience as a cybersecurity professional
• Active TS security clearance and eligible for SCI and NATO read-on prior to starting work.
• Meet the DoD requirements for a privileged user on a TS/SCI information system prior to starting work - DoD 8140 / 8570.01-m requirements.
• 7 years’ experience with the assessment and accreditation activities of national security systems (NSSs)
• 5 years’ experience validating system security controls.
• 5 years’ experience with vulnerability management
• 4 years’ experience with DISA Security Technical Implementation Guides (STIGs), DISA Security Requirements Guide (SRG), and vendor-specific security guides
• 4 years’ experience with RMF and eMASS
• 2 years’ experience with POA&M tracking and resolution
• 1 year experience performing the continuous monitoring of system security controls.

Desired Experience

• 5 years’ experience as an ISSO on Army Intel programs
• 1 year experience with AC2SP tenant assessment and accreditation activities
• Experience working on large Department of Defense contracts.
• Experience leading a team of cybersecurity professionals.
• Familiarity with DataBricks, GitLab, or Jira.
• Advanced certifications in cybersecurity (e.g., CISSP, CISM).

Equal Opportunity Employer/Veterans/Disabled  Accommodations:If you are a qualified individual with a disability or a disabled veteran, you may request a reasonable accommodation if you are unable or limited in your ability to access job openings or apply for a job on this site as a result of your disability. You can request reasonable accommodations by contacting Talent Acquisition at Talent-Acquisition@redhorsecorp.com Redhorse Corporation shall, in its discretion, modify or adjust the position to meet Redhorse’s changing needs.This job description is not a contract and may be adjusted as deemed appropriate in Redhorse’s sole discretion.