Job Description
Information System Security Officer (ISSO) / ISCM Lead - Hybrid
BOMBEAZY LLC
Washington, DC

Job Details
Full-time | Contract
$200,000 - $230,000 a year

Benefits
Paid time off
Flexible schedule

Qualifications (listing tags)
Risk management; compliance audits; document review (document control); vulnerability assessment; cybersecurity tools; Computer Science; information security audit implementation; technical documentation; security risk assessment investigation; regulatory compliance; governance, risk, and compliance (GRC) software; configuration management; information security; Bachelor's degree; compliance documentation; vulnerability management; CompTIA Security+; RMF; information security auditing; audit support; Information Technology

Full Job Description

The Information System Security Officer (ISSO) / Information Security Continuous Monitoring (ISCM) Lead is responsible for the strategic coordination and operational execution of security compliance, authorization support, and the enterprise Information Security Continuous Monitoring (ISCM) program. This role leads the implementation and sustainment of the Risk Management Framework (RMF) and Assessment & Authorization (A&A) lifecycle activities to ensure systems maintain ongoing authorization and compliance with federal and organizational cybersecurity requirements.

The ISSO/ISCM Lead is responsible for maintaining and continuously updating all required security documentation and artifacts, including System Security Plans (SSPs), Configuration Management Plans (CMPs), Disaster Recovery Plans (DRPs), contingency documentation, inventories, and related authorization artifacts to accurately reflect the current operational environment. This role serves as the primary liaison between business stakeholders, system owners, technical teams, and the Office of the CISO to coordinate security compliance activities, manage ongoing authorization efforts, support internal and external audits, and ensure all configuration deviations, failed settings, accepted risks, and POA&M items are formally documented and tracked within the system authorization boundary and governance/risk/compliance (GRC) platforms.

Key Responsibilities

Security Compliance & Authorization Management
- Lead the strategic and day-to-day execution of security compliance, authorization, and ongoing authorization activities.
- Manage and oversee the implementation of the Risk Management Framework (RMF) and Assessment & Authorization (A&A) lifecycle processes.
- Coordinate the development, maintenance, review, and update of security authorization documentation and artifacts, including:
  - System Security Plans (SSPs)
  - Configuration Management Plans (CMPs)
  - Disaster Recovery Plans (DRPs)
  - Contingency Plans
  - Security Assessment Reports (SARs)
  - Risk Assessments
  - POA&Ms
  - Security inventories and supporting documentation
- Ensure all security documentation accurately reflects the current operational and technical environment.
- Support ongoing authorization activities through continuous assessment, monitoring, and remediation coordination.

Information Security Continuous Monitoring (ISCM)
- Lead the execution and maturity of the Information Security Continuous Monitoring (ISCM) program.
- Coordinate proactive internal controls testing and internal Security Control Assessments (SCAs) to validate the effectiveness of implemented security controls.
- Monitor control implementation status and coordinate remediation activities for identified deficiencies and vulnerabilities.
- Ensure continuous monitoring results, findings, and corrective actions are documented and tracked appropriately.

Risk & Configuration Management
- Manage the end-to-end lifecycle of:
  - Plans of Action and Milestones (POA&Ms)
  - Risk acceptance decisions
  - Configuration deviations
  - Failed configuration settings
  - Technical exceptions and mitigation plans
- Ensure all deviations, accepted risks, and configuration-related findings are explicitly documented and tracked within the system authorization boundary and GRC platforms (e.g., Xacta or equivalent tools).
- Collaborate closely with ISSO personnel, Security Engineers, system owners, and operational teams to ensure configuration and compliance data remain accurate and current.

Stakeholder Coordination & Audit Support
- Serve as the primary liaison between business functions, system stakeholders, and the Office of the CISO for security compliance and authorization activities.
- Coordinate weekly security and compliance meetings to review system risks, POA&M status, audit findings, remediation efforts, and ongoing authorization activities.
- Support internal and external audit activities, including FISMA, OIG, and other oversight reviews.
- Manage the collection, validation, and submission of audit and assessment artifacts to ensure evidence meets quality and oversight standards.
- Coordinate with stakeholders responsible for security, privacy, technology, engineering, and operations to support enterprise compliance initiatives.

Security Engineering & Control Oversight
- Collaborate with Security Engineers and technical teams to validate the implementation and effectiveness of security controls.
- Support review of system categorizations, control implementations, and risk-based security decisions.
- Assist in identifying opportunities to improve security posture, automation, monitoring, and compliance processes.

Required Qualifications
- Bachelor's degree in Cybersecurity, Information Technology, Information Assurance, Computer Science, or a related field (or equivalent professional experience).
- 5+ years of experience supporting information security, ISSO functions, RMF, A&A, compliance, or ISCM programs.
- Strong knowledge of the Risk Management Framework (RMF), NIST standards, and federal cybersecurity compliance requirements.
- Experience managing security authorization packages and ongoing authorization activities.
- Experience maintaining and updating security documentation and artifacts.
- Familiarity with governance, risk, and compliance (GRC) platforms such as Xacta or equivalent tools.
- Experience supporting FISMA, OIG, or similar audit and assessment activities.
- Understanding of security controls, vulnerability management, configuration management, and risk assessment methodologies.
- Strong analytical, organizational, and communication skills.
- Ability to coordinate across technical, operational, and business stakeholders.

Preferred Qualifications
- Experience supporting federal or highly regulated environments.
- Familiarity with NIST SP 800-37, NIST SP 800-53, and related cybersecurity frameworks.
- Experience with continuous monitoring technologies and compliance automation tools.
- Knowledge of cloud security, hybrid environments, and enterprise infrastructure security.
- Experience supporting contingency planning, disaster recovery, and incident response coordination.

Preferred Certifications
Candidates should possess one or more of the following certifications:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified Authorization Professional (CAP)
- CompTIA Security+
- Systems Security Certified Practitioner (SSCP)

Core Competencies
- Risk Management Framework (RMF)
- Information Security Continuous Monitoring (ISCM)
- Assessment & Authorization (A&A)
- Security Compliance & Governance
- Security Documentation Management
- Internal Controls Assessment
- Risk & Configuration Management
- Audit Coordination & Evidence Collection
- Stakeholder Collaboration
- Cybersecurity Operations & Oversight

Pay: $200,000.00 - $230,000.00 per year
Benefits: Flexible schedule, Paid time off
Work Location: Hybrid remote in Washington, DC 20591