Information Systems Security Officer; ISSO HYBRID Security Clearance

Position Summary

The Assess & Authorize (A&A) Analyst supports a DoD customer Cybersecurity Assess & Authorize function to ensure information systems and technologies are assessed and authorized by the Authorizing Official (AO) prior to introduction and operation on the network. This role provides Information System Security Officer (ISSO)-equivalent support by executing the DoD Risk Management Framework (RMF) in accordance with DoDI 8510.01, NIST SP 800-37, and NIST SP 800-30, and by developing and managing authorization packages and continuous monitoring artifacts in eMASS.

The analyst supports multiple system authorizations and contributes to cybersecurity reporting and metrics, including maintaining network connection approvals via SNAP.

• Execute RMF activities and provide ISSO / ISSO-equivalent A&A support for assigned systems across the system lifecycle (assessment, authorization, operations, and continuous monitoring).
• Support multiple Authorization to Operate (ATO), Authorization to Use (ATU), and Assess Only packages annually (approximately seven (7) authorization packages per year).
• Develop, maintain, and submit complete RMF Executive Packages for each authorization, including:
  • System Security Plan (SSP)
  • Security Assessment Report (SAR)
  • Risk Assessment Report (RAR)
  • Plan(s) of Action and Milestones (POA&M)
  • Authorization Decision Document
• Register systems within the Enterprise Mission Assurance Support Service (eMASS) and use eMASS to support and automate RMF documentation, workflows, and reporting.
• Manage and maintain system authorization artifacts in eMASS, ensuring accurate documentation of:
  • Security controls and implementation status
  • Inheritance and shared control relationships
  • Risk posture and supporting evidence
  • POA&M creation, updates, and tracking
  • Authorization status and lifecycle updates
• Coordinate with system owners, ISSMs, assessors, engineers, and AOs to support:
  • Assessment planning and execution
  • Remediation and risk mitigation activities
  • Risk acceptance decisions and authorization outcomes
  • Ongoing continuous monitoring activities
• Register and maintain all system/application connections in the Systems Network Approval Process (SNAP).
• Produce and deliver monthly and annual SNAP registration metrics.
• Support cybersecurity compliance, audit readiness, and reporting to ensure systems and technologies remain in an approved security posture.

• Active Secret security clearance
• 8–10 years of relevant cybersecurity / RMF / A&A experience
• DoD IAM Level III certification (one of the following):
  • CISM
  • CISSP (or Associate)
  • GSLC
  • CCISO Core Tools / Standards
• eMASS
• DoDI 8510.01
• NIST SP 800-37
• NIST SP 800-30