Lead ISSO
Tyto Athene, LLC - Arlington, VA
Job Description
Tyto Athene is searching for a highly experienced Lead Information System Security Officer (ISSO) to support our customer in Arlington, Virginia.

Responsibilities:
- Lead Risk Management Framework Assessment & Authorization (A&A) activities for various information systems
- Lead the entire RMF cycle for all assigned systems to include: initiation, categorization, selection, implementation, assessment, authorization & continuous monitoring
- Implement & manage security controls in accordance with the current revision of NIST 800-53
- Conduct ongoing security reviews & tests of assigned systems to verify that security features and controls are functional and effective
- Develop Plan of Action & Milestones (POA&Ms) in response to identified vulnerabilities, and lead remediation efforts
- Develop security documentation to include, but not limited to, System Security Plans (SSPs), Plan of Actions & Milestones (POA&Ms), and other artifacts to support the Body of Evidence (BOE)
- Coordinate security testing exercises to include but not limited to: incident response, disaster recovery & contingency activities
- Review proposed change requests related to system design/configuration and perform a security impact analysis (SIA) to provide approval or denial recommendations
- Support external & internal audits of designated systems
- Develop & present, both verbally and in writing, security briefings to all levels of the organization including senior executives (CIO, DCIO & CISO)

Required:
- Bachelor's degree in Computer Science, Information Technology, or related field
- 12 years of relevant experience
- Experience with Authority to Operate (ATO) process, continuous monitoring, POA&Ms, Security Authorizations (SA), NIST 800-37, NIST 800-53 Rev4/Rev5, NSM 8 and working with System Owners
- Familiarity with information system security principles of NIST 800-171
- In-depth knowledge of NIST special publications, CNSS policies and instructions
- Ability to review, analyze, and interpret technical procedures against customer security requirements
- Strong communication skills, both written and verbal

Desired:
- Understanding & experience with eMASS or Xacta is a PLUS
- FedRAMP process & Cloud environments (Azure, AWS) experience preferred
- Certified Information Security Manager (CISM) (optional but highly recommended)

Clearance: Active TS/SCI clearance required
Certification: DoD 8570 IAM/IAT Level III certification. This will change to a DoD 8140 equivalent once a DISA 8140 policy is released.
Location: This is an on-site role with expectations of being on the client site in Arlington, VA five days a week.
Created: 2025-01-14