ISSM/Team Lead

Fort Meade, MD
Senior Level Information System Security Officer (ISSO)/ISSM
Position Overview
ClearFocus Technologies is seeking a highly experienced Senior Information System Security Officer (ISSO) to provide expert-level cybersecurity support for mission-critical DoD systems. The ideal candidate will lead cybersecurity standardization efforts, vulnerability management processes, and risk management activities in collaboration with Program Managers and Government Information System Security Managers (ISSMs). This position requires strategic thinking, advanced technical expertise, and the ability to provide leadership across multiple cybersecurity domains.
Key Responsibilities
Cybersecurity Standardization & Leadership
  • Lead efforts with Program Managers and Government ISSMs to establish, monitor, and maintain comprehensive cybersecurity baselines
  • Serve as a senior technical advisor ensuring all systems maintain good standing status and compliance with DISA cybersecurity policies
  • Develop and implement strategic approaches to streamline processes and procedures for programs, systems, and networks with information assurance requirements
  • Drive initiatives to enhance data integrity, validation requirements, escalation procedures, compliance monitoring, and knowledge management
Lead the development, analysis, and modification of high-priority cybersecurity documentation, including:
  • Develop, Review, and Maintain Cybersecurity Security Plans (CSSP)
  • Develop, Review, and Maintain Concept of Operations (CONOPS)
  • Develop, Review, and Maintain Program Protection Plans (PPP)
  • Develop, Review, and Maintain Incident Recovery Plans (IR Plan)
  • Represent the organization in high-level DISA and DoD cybersecurity meetings, providing expert guidance to ensure organizational interests and security posture are maintained
  • Oversee Information Assurance Vulnerability Management (IAVM) activities
  • Oversee the generation and preparation of complex artifacts supporting cybersecurity governance and change board decisions
  • Establish and maintain comprehensive documentation systems across SharePoint and other enterprise repositories
  • Provide expert guidance for cybersecurity milestone decisions and governance boards
  • Develop and analyze critical security artifacts including FISMA reports, cybersecurity control validations, and risk assessment reports
  • Lead the creation and interpretation of Continuous Monitoring and Risk Scoring (CMRS) reports, Assured Compliance Assessment Solution (ACAS) scans, and other specialized cybersecurity assessments
  • Serve as a key technical contributor to Change Control Boards (CCB), providing authoritative security impact assessments
  • Direct the preparation of complex cybersecurity change requests and waivers in accordance with DISA instructions
  • Lead evaluation and implementation strategies for newly released Information Assurance Vulnerabilities, DISA Security Technical Implementation Guides (STIGs), and Security Requirements Guides (SRGs)
  • Design and implement remediation approaches for complex vulnerabilities, developing comprehensive POA&Ms when immediate fixes aren't feasible
  • Oversee tracking systems for POA&Ms and Residual Risk Statements through their complete lifecycle
  • Lead the assessment of changes to Authority to Operate (ATO) documentation and direct development of required security documentation
  • Ensure timely submission of RMF packages (minimum 70 calendar days before expiration) and FISMA compliance (minimum 30 days before DITPR expiration dates)
  • Provide expert guidance on DISN services, applications, programs, systems, and networks
  • Demonstrate advanced proficiency with enterprise systems including DITPR, eMASS, PPSM, SNAP, and SGS
Risk Management
  • Direct preparation and execution of Command Cyber Readiness Inspections (CCRI), Site Assistance Visits (SAV), and Authorization & Assessment (A&A) activities
  • Lead preparation efforts for Cooperative Vulnerability and Penetration Assessments (CVPA) and Adversary Assessments (AA) to meet DoD CIO and DOT&E acquisition requirements
  • Oversee comprehensive auditing and reporting for systems, networks, documentation, and compliance frameworks
  • Provide strategic direction for compliance with RMF controls, DoD 8140.03 requirements, IAVMs, and STIGs
  • Manage response activities for DISA Task Orders (DTO) and CYBERCOM Task Orders (CTO)
  • Coordinate assessment activities across CONUS and OCONUS assets
Required Qualifications
  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field (Master's preferred)
  • 7+ years of progressive experience in information systems security with at least 3+ years in a senior role
  • Current DoD 8140.03 IAT Level III compliant certification (CASP+, CISSP, CISM, or equivalent)
  • Active Top Secret security clearance
  • Advanced knowledge of DoD Risk Management Framework (RMF) implementation
  • Expert understanding of DISA Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs)
  • Demonstrated expertise with Enterprise Mission Assurance Support Service (eMASS)
  • Advanced proficiency with vulnerability management tools, security assessment solutions, and compliance reporting
  • Comprehensive knowledge of FISMA requirements and implementation strategies
  • Expert understanding of DoD cybersecurity directives, NIST standards, and federal compliance frameworks
  • Proven ability to lead teams and collaborate with senior stakeholders
  • Experience mentoring junior security professionals
Preferred Qualifications
  • Master's degree in Cybersecurity, Information Assurance, or related field
  • Multiple advanced cybersecurity certifications (CISSP with concentrations, CISM, GCIH, GCED, etc.)
  • Experience leading RMF package development and authorization processes
  • Background in security assessment and authorization for complex DoD systems
  • Prior experience supporting or leading Command Cyber Readiness Inspections (CCRI)
  • Demonstrated success in critical vulnerability remediation for complex systems
  • Experience with cloud security in DoD environments
  • Background in security automation and continuous monitoring solutions
  • Experience with penetration testing, security assessments, and red team activities
  • Knowledge of Zero Trust Architecture implementation in DoD environments
Working Environment
  • Primary work location at government facilities
  • May require travel to CONUS and OCONUS locations to support assessment activities
  • Work with highly classified information and systems
  • May require occasional after-hours support during security incidents or critical vulnerability management
Additional Information
  • Must comply with appropriate DoD-approved architectures, programs, and standards
  • Required knowledge of National Information Infrastructure, Global Information Infrastructure, and Defense Information Infrastructure frameworks
  • Position requires staying current with rapidly evolving cybersecurity threats, regulations, and technologies
  • Ability to obtain and maintain specialized access may be required
