Job Description
Information System Security Officer (ISSO)
Location: Wall Township, NJ
Reports to: CISO
Clearance: U.S. Person required; ability to obtain Public Trust preferred

About the Role

911inform is seeking an Information System Security Officer (ISSO) to serve as the day-to-day security steward of our FedRAMP Moderate authorized SaaS platform. The ISSO is the hands-on owner of the System Security Plan (SSP), continuous monitoring (ConMon), POA&M management, and audit evidence collection across our AWS GovCloud and Commercial environments. This role is ideal for a detail-oriented security practitioner who thrives in compliance-driven operations and enjoys turning controls into working processes.

Key Responsibilities

- System Security Plan (SSP) Ownership: Maintain and update the FedRAMP Moderate SSP, including all narrative sections, appendices (cryptographic modules, ports/protocols, interconnections), and supporting attachments.
- Continuous Monitoring (ConMon): Execute monthly ConMon deliverables: vulnerability scan reports (Tenable), POA&M updates, inventory reconciliation, and significant change requests.
- POA&M Management: Track, prioritize, and drive remediation of findings to closure; coordinate with engineering and IT to meet FedRAMP timelines (30/90/180 days by severity).
- Audit Evidence Collection: Package and submit evidence for FedRAMP, SOC 2 Type II, and ISO 27001 audits; maintain Vanta and SharePoint-based evidence libraries.
- Access Reviews: Conduct quarterly access reviews across AWS (Commercial + GovCloud), M365 GCC, MongoDB Atlas for Government, CrowdStrike, Tenable, Action1, Jira, and other in-boundary systems.
- Vulnerability & Endpoint Oversight: Monitor Tenable Nessus, CrowdStrike Falcon, and Action1 coverage; investigate agent reporting gaps and orphaned endpoints.
- Incident Response Support: Maintain the IR Plan, support tabletop exercises, complete Appendix B incident collection forms, and assist in real-world investigations (e.g., supply chain events).
- Policy & Procedure Maintenance: Keep Access Control, Privileged Access, Data Management, Incident Response, Secure SDLC, and Third-Party Management policies current and audit-ready.
- Third-Party / Vendor Risk: Onboard new vendors, review DPAs/SLAs/SOC 2 reports, maintain the vendor risk register, and route critical-risk acceptances to the CFO per policy.
- Control Implementation Support: Partner with engineering on NIST 800-53 Rev. 5 control implementation, particularly the AC, AU, CM, CP, IR, RA, SC, and SI families.

Required Qualifications

- 3-5+ years in information security, compliance, or GRC roles.
- Working knowledge of NIST 800-53 Rev. 5, FedRAMP Moderate, SOC 2, and ISO 27001.
- Hands-on experience with AWS (GovCloud a plus), Microsoft 365 (GCC a plus), and at least one EDR/VM platform (CrowdStrike, Tenable, Defender).
- Experience writing and maintaining SSPs, POA&Ms, and audit evidence.
- Strong written communication: able to produce audit-ready narratives and executive summaries.

Preferred Qualifications

- CISSP, CISA, CAP, CCSP, Security+, or equivalent.
- Prior experience supporting a FedRAMP authorization or 3PAO assessment.
- Familiarity with Vanta, Drata, or similar GRC automation tools.
- Background in public safety, 9-1-1, telecom, or critical infrastructure SaaS.