The Information System Security Officer (ISSO) is responsible for implementing and maintaining the security posture of assigned information systems. The ISSO ensures systems are compliant with federal regulations, organizational policies, and industry best practices, primarily following the NIST Risk Management Framework (RMF) and associated standards.

- Develop, maintain, and update System Security and Privacy Plans (SSPs), Plans of Action and Milestones (POA&Ms), and other security documentation.
- Conduct regular system audits, vulnerability scans, and risk assessments, and ensure identified vulnerabilities are mitigated within defined timeframes.
- Implement and monitor security controls in accordance with NIST SP 800-171, NIST SP 800-53, and other Risk Management Framework guidance.
- Support the Assessment & Authorization (A&A) process; assist in obtaining and maintaining the system Authorization to Operate (ATO).
- Ensure daily, weekly, monthly, and yearly continuous monitoring activities are conducted, including log reviews and incident response coordination, to improve detection and response times for incidents.
- Assist in responding to security incidents, investigations, and reporting.
- Ensure compliance with FISMA, FedRAMP (for cloud systems), or agency-specific security requirements.
- Experience with securing AI and LLM systems.