Information Systems Security Officer ISSO

Qualifications

Bachelor's degree in IT, Cybersecurity, Computer Science, or related field (or equivalent experience) with 5-8+ years or (commensurate experience)

2-3 years in an ISSO or cybersecurity compliance role supporting RMF process

Strong understanding of NIST 800-53 controls and assessment procedures

Experience collecting, developing and maintaining RMF artifacts

Experience managing POA&Ms and documenting remediation efforts

Experience reviewing, interpreting, or validating vulnerability and configuration findings

Clearance Required: Ability to obtain and maintain a HUD Public Trust clearance

Camera must be on

A valid photo ID must be presented during each interview

Enhanced Biometrics ID verification screening

Background check, to include:

Criminal history (past 7 years)

Verification of your highest level of education

Verification of your employment history (past 7 years), based on information provided in your application

Benefits

Posted Salary Range

USD $90,000. 00 - USD $110,000. 00 /Yr

Responsibilities

The ISSO ensures the confidentiality, integrity, and availability of HUD information systems by executing the NIST Risk Management Framework (RMF), supporting system authorization activities, conducting continuous monitoring, and coordinating remediation efforts with system owners and technical teams

Key responsibilities include maintaining system security posture, supporting FISMA and OMB A-130 compliance, responding to audits, validating controls, analyzing vulnerabilities, and ensuring security documentation is accurate and audit-ready

This position is based in the United States and is a full remote work

Support and execute all phases of the NIST SP 800-37 RMF lifecycle including categorization, control selection, implementation, assessment, authorization, and continuous monitoring

Develop, maintain, and update RMF documentation in JCAM including System Security Plans, Security Assessment Plans, Security Assessment Reports, POA&Ms, Configuration Management Plans, Contingency Plans, Incident Response Plans, Risk Assessment documentation, and interconnection documents

Establish system impact levels following FIPS 199 for confidentiality, integrity, and availability

Ensure systems comply with FISMA, NIST SP 800-53 Rev 5, OMB A-130, and applicable agency cybersecurity policies

Prepare and maintain Body of Evidence materials and control traceability documentation in JCAM

Support Authorization to Operate (ATO), Authority to Connect (ATC), and ongoing authorization activities; maintain associated documentation in JCAM

Review and analyze vulnerability scan results using Tenable Security Center

Validate asset inventories and correlate system information

Validate secure configuration baselines and system hardening standards

Track remediation activities and ensure POA&M items and milestones are created, updated, and closed on schedule

Review endpoint security posture and support investigations by correlating endpoint findings with vulnerability, configuration, and CDM data

Provide security reporting, dashboards, and status updates to system owners and leadership

Support configuration management processes by reviewing and assessing change requests for security impact

Ensure security controls are implemented correctly during system changes, upgrades, or new deployments

Stay informed on emerging cybersecurity policies, standards, and threat landscapes; provide recommendations for improving security posture

Collaborate with technical and non-technical personnel to review systems, gather evidence, and communicate security requirements

APPLY