Silosmashers - Arlington, VA
posted about 2 months ago
Full-time - Senior
Remote - Arlington, VA
Professional, Scientific, and Technical Services
About the position
SiloSmashers is seeking an experienced Information Systems Security Officer (ISSO) to ensure compliance with internal policies, controls, and regulatory security requirements. The ISSO will evaluate technological, operational, and process controls, support risk and compliance management, and assist in federal audits. This role involves preparing security documentation, managing risk assessments, and providing security expertise to stakeholders.
Responsibilities
- Ensure compliance with internal policies, controls, and standards, as well as client and regulatory security requirements.
- Evaluate technological, operational, and process controls to assess the design and implementation of security controls.
- Support risk and compliance management, including risk assessments and reporting.
- Prepare Security Authorization Packages and Security Authorization memorandums.
- Identify, assess, and prioritize risks, collecting evidence and documenting findings.
- Report on compliance with internal policies and provide remediation recommendations.
- Communicate regularly with stakeholders regarding project status and issues.
- Track and report on Plans of Action and Milestones (POAMs).
- Coordinate third-party risk assessments and IT audits.
- Manage remediation efforts and report on control deficiencies.
- Support security initiatives and policy adherence efforts.
- Provide security expertise to business units and key stakeholders.
Requirements
- Bachelor's degree in Computer Science, Information Systems, Software Engineering, or a related field.
- 7+ years of experience implementing Risk Management Framework in the federal government.
- Experience with NIST Risk Management Framework (RMF) and federal regulations such as FISMA and NIST Special Publications.
- 7+ years of experience in IT security, including Security Assessment and Authorization (SA&A) and risk analysis.
- 5+ years of experience with FedRamp systems (Azure, AWS, GCP).
- CISSP or CGRC certifications highly preferred.
- Effective written and oral communication skills.
- Ability to work independently and collaborate with teams.
Nice-to-haves
- Experience with a Governance, Risk, and Compliance (GRC) Tool (CSAM) is highly desirable.
- Previous Federal Government experience is a plus.
Benefits
- 100% remote work with occasional on-site visits as needed.
