Information System Security Officer; ISSO Lead; Remote
Virginia Beach, Virginia, 23453, USA
Listed on 2026-07-08
-
IT/Tech
Cybersecurity, Information Security
The following states/districts are excluded from this job ad: AK, CA, CO, CT, DC, HI, LA, MA, MN, MO, NE, NV, NH, NJ, NM, NY, ND, OR, PR, RI, VT, WA, WY
Future Need
- Actively Interviewing
Location:
Remote in any United States jurisdiction not excluded from this job advertisement.
Lead the authorization integrity of one of the Department of Veterans Affairs (VA's) most complex multi-tenant cloud platforms. As the Information System Security Officer (ISSO) Lead, you will manage Authorization to Operate (ATO)/Approval to Connect (ATC) sustainment, security audits, and continuous monitoring across a platform undergoing active authorization boundary restructuring.
Position DescriptionThe ISSO Lead manages all Authorization to Operate (ATO)/Approval to Connect (ATC) activities, coordinates security audits and assessments, and oversees Plan of Action and Milestones (POA&M) lifecycle management across the tiered multi-tenant authorization environment.
Minimum/General Experience10 years of experience in information systems security.
Minimum EducationBachelor's Degree in cybersecurity, information assurance, or related field;
Certified Information Systems Security Professional (CISSP) or Certified Authorization Professional (CAP) (preferred).
- Expert knowledge of National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) process (e.g., Categorize, Select, Implement, Assess, Authorize, and Monitor)
- Excellent ability to initiate actions required to establish new ATOs/ATCs
- Excellent ability to maintain existing authorizations
- Excellent ability to attend or conduct security audits
- Excellent experience drafting assessment finding mitigation plans
- Excellent knowledge of multi-tenant ATO inheritance frameworks
- Excellent ability to support authorization boundary management between platform and tenant layers
- Above average ability to maintain security documentation (e.g., Privacy Threshold Analysis (PTA), Privacy Impact Assessment (PIA), Security Impact Analysis (SIA), Business Impact Analysis (BIA), Data Security Categorization (DSC), hardware/software lists, and Ports, Protocols, and Services Management (PPSM) documents)
- Experience supporting a federal agency
- Excellent verbal and written communication skills
Physical Requirements
General Physical Requirements needed to perform the essential functions of this job may vary based on the location of the assignment.
- Assignment Location
- Remote - Sedentary Work
- Exerting up to 10 pounds of force occasionally and/or a negligible amount of force frequently or constantly to lift, carry, push, pull or otherwise move objects. - Typing, communicating, repetitive motions.
- Close visual acuity to prepare and analyze data, view computer monitors and read. May need to view presentation screens and other visual aids in a virtual setting.
- Inside environmental conditions with protection from outside elements.
Active Federal Civilian Public Trust clearance
- U.S. Citizenship or Permanent Resident that has lived in the United States for at least 3 years
Consists of a review of up to but not limited to:
- Covers 10 year period and in some instances lifetime events
- OPM Security Investigations Index (SII)
- DOD Defense Central Investigations Index (DCII)
- National Agency Check (NAC) records
- FBI name check
- FBI fingerprint check
- Credit report check
- Written inquiries to previous employers and references listed on the application for employment
- Potential interviews with the subject, spouse, neighbors, supervisor, coworkers
- Law enforcement check
- Court records check
- Education check
- Attendance and Degrees
- Initiates actions required to establish new ATOs and ATCs
- Maintains all existing authorizations including periodic assessment oversight and staffing of all ATO audits
- Coordinates all RMF activities with the AO, ISSO counterparts, ISO, and designated stakeholders
- Attends or conducts all security audits including General (IG), Security Assessment and Validation Data (SAVD), Cybersecurity Compliance Task Force (CCTF), Office of Information Security (OIS), Information Security Risk Management (ISRM),…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).