Key Facts

Remote From:

Full time

Senior (5-10 years)

English

Hard Skills

Technical Surveillance Counter-Measures Risk Management NIST 800 Security Information And Event Management (SIEM) Configuration Management Vulnerability Management FedRAMP Risk Governance Auditing Digital File Management Vulnerability Assessments Risk Analysis Incident Response Plan Of Action And Milestones (POA&M) Documentation Generation Mentoring Youth Stakeholder Engagement

Other Skills

•
Teamwork
•
Verbal Communication Skills

Job description

cFocus Software is seeking a highly skilled Mid-Level Information Systems Security Officer (ISSO) to support the Enterprise Security Services (ESS) program. This role is responsible for ensuring compliance with federal cybersecurity requirements, maintaining security documentation, and supporting system authorization and continuous monitoring activities. The successful candidate will oversee security control assessments, provide risk management guidance, and collaborate with stakeholders to maintain secure system configurations in alignment with the ESS Performance Work Statement (PWS).

Responsibilities

Security Governance

Oversee the implementation and enforcement of system security requirements as defined by the PWS.
Ensure compliance with federal cybersecurity policies, including NIST RMF, FISMA, and FedRAMP.
Support and maintain system security plans (SSPs), risk assessments, and authorization documentation.
Collaborate with system owners, administrators, and engineers to maintain secure system configurations.

Risk & Compliance Management

Lead security control assessments and support continuous monitoring activities.
Conduct vulnerability assessments, risk analyses, and recommend remediation strategies.
Support audits, inspections, and authorization processes (ATO/ATC).
Develop, maintain, and track Plans of Action and Milestones (POA&Ms).

Documentation & Reporting

Develop and deliver security documentation, reports, and briefings to leadership and stakeholders.
Ensure timely and accurate reporting of cybersecurity posture, risks, and incidents.
Maintain accurate and up-to-date security artifacts to support compliance and accreditation efforts.

Mentorship & Collaboration

Mentor and provide guidance to junior ISSOs and cybersecurity staff.
Collaborate with internal and external stakeholders to resolve security concerns and support mission objectives.

Required Experience

6+ years of cybersecurity experience, with at least 3+ years as an ISSO in a federal environment.
Strong knowledge of NIST SP 800-53, Risk Management Framework (RMF), and federal cybersecurity policies.
Experience developing and maintaining security documentation (SSPs, SARs, POA&Ms, etc.).
Proficiency in vulnerability management, incident response, and continuous monitoring practices.
Demonstrated ability to brief senior leadership and communicate effectively across technical and non-technical stakeholders.

Education & Certifications

Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field.
Relevant cybersecurity certifications (e.g., CISSP, CISM, CISA, CAP, or equivalent).
Master’s degree preferred.