Information Systems Security Officer (ISSO)

Company Overview
Development InfoStructure LLC., (Devis) is a leading provider of innovative software development, management, and consulting services, specializing in cutting-edge technologies such as DevSecOps, AI, and Machine Learning. With over 30 years of experience as a small business, we have established ourselves as a trusted partner for government agencies, delivering tailored, mission-critical solutions that drive digital transformation and operational excellence. Our client-centric approach, coupled with our deep domain expertise and technical prowess, enables us to forge enduring relationships and consistently deliver high-impact, adaptive solutions that resonate with the unique needs of the public sector.

Our primary mission is to best serve the needs of our clients by solutioning with our stakeholder teams to ensure that the goals and objectives of our customers are proactively solutioned, such that opportunities to invest our time in developing long-term solutions and assets are abundant and move our clients forward efficiently.

At Devis, we are enthusiastic about our research, our work and embracing an environment where all are supported in the mission, while maintaining a healthy work-life balance.

Overview

As a mid-level ISSO, you will play a key role in supporting Multilevel Security (MLS) implementation, cybersecurity risk management, compliance activities, and system accreditation support. You will serve as an advisor on MLS solutions, security documentation, policy interpretation, and continuous monitoring of system security postures. This position requires a proactive and organized professional who thrives in a fast-paced environment and works collaboratively with stakeholders across technical and security teams.

You will be the primary point of contact for maintaining and monitoring system security documentation including Security System Plans (SSPs), Plans of Actions and Milestones (POA&Ms), security procedures, and network architecture diagrams. You will provide expertise to support IRM TRB processing, Security Impact Assessment (SIA) packages, and security policy enforcement under evolving federal cybersecurity directives including NIST SP 800-53 Rev 5 and M-22-09. This role is full-time on-site with a flexible work schedule.

Responsibilities

• Analyze and define security requirements for Multilevel Security (MLS) systems and environments
• Design, engineer, and implement technical solutions to meet MLS and system security requirements
• Conduct risk analyses and assessments, documenting findings and recommendations
• Develop and update security documentation including standards, policies, SOPs, and architecture diagrams
• Serve as the primary Point of Contact (POC) for:
  • Security Impact Assessment (SIA) packages for the Network Operations Center (NOC).
  • IRM ITCCB submissions and tracking.
  • Monthly, quarterly, and annual ISSO checklist deliverables.
  • Updates to System Security Plans (SSPs) and POA&M entries.
  • Monitoring cybersecurity scorecard metrics.
• Participate in governance and compliance activities, including IRB, CCB, A&A, and M-21-31 policy meetings.
• Provide secondary support for:
  • Transition to NIST SP 800-53 Rev 5 controls.
  • Implementation of M-22-09 Zero Trust cybersecurity principles.
  • Transition from General Support System (GSS) to AWS-hosted infrastructure.
  • Supply Chain Risk Management control family establishment.
  • Compliance with FAN/FAH guidance and Binding Operational Directives
• Support the preparation and maintenance of A&A packages and system compliance documentation.
• Respond to taskers and special projects as assigned.

Required Skills and Qualifications

• BA/BS in Information Systems, Cybersecurity, or a related field.
• 5-7 years of hands-on experience in system security, risk analysis, and compliance.
• Experience implementing and maintaining security documentation in accordance with RMF and NIST guidance
• Working knowledge of FedRAMP, FISMA, and DHS cybersecurity compliance frameworks
• Familiarity with AWS security practices and cloud compliance strategies
• Understanding of Zero Trust Architecture and its application in federal environments
• Experience using governance tools (e.g., eMASS, Xacta, ServiceNow GRC)
• Excellent organizational and tracking skills, especially for POA&M and control implementation statuses
• Demonstrated ability to interpret federal policy and translate into actionable security tasks
• Experience with the Federal government, preferably with DOS

• Must be a U.S. Citizen with the ability to obtain and maintain a Secret clearance.
• Active Secret Clearance.

Additional Perks/Benefits

• Competitive Salary Compensation
• 401k Retirement Contribution Savings Plan

Devis is an AA/EOE/M/F/Disabled/VET Employer committed to providing equal employment opportunity without regard to an individual’s race, color, religion, age, gender, sexual orientation, veteran status, national origin or disability.