
Information Security Systems Officer, Information Services

Job in Washington, District of Columbia, 20022, USA
Listing for: RAND Corporation
Full Time position
Listed on 2026-02-16
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 80000 - 100000 USD Yearly

Job Type: Regular

Overview

Reporting directly to the Manager, Information Assurance, Information Security, the Information Security Systems Officer (ISSO), Information Services supports cybersecurity and risk management initiatives across enterprise unclassified systems with a focus on Information Assurance. The ISSO, Information Services plays a central role in protecting information assets, ensuring compliance with federal, state and local cybersecurity requirements (e.g., NIST 800-171, CMMC), and maintaining a strong security posture through effective use of Governance, Risk, and Compliance (GRC) tools.

This includes conducting audits, analyzing sensitive data, and collaborating with various teams to implement and maintain security measures. The ISSO, Information Services identifies vulnerabilities, recommends improvements, and provides expert guidance on cybersecurity matters while staying informed about emerging threats and trends. This ISSO, Information Services role is responsible for CMMC practices (Cybersecurity Maturity Model Certification) as a member of the Information Security Cybersecurity Team in the Information Services (IS) Department.

Responsibilities

Cybersecurity System Security and Compliance across the enterprise unclassified systems:

  • Develop and maintain System Security Plans (SSPs) and supporting documentation aligned with NIST 800-171 and CMMC practices.
  • Conduct regular security control assessments, perform gap analyses, and update Plans of Action and Milestones (POA&Ms).
  • Coordinate security authorization and compliance activities across IT systems and applications.

Cybersecurity and Security Reviews & Continuous Improvement:

  • Perform ongoing security reviews of applications, infrastructure, and business processes to verify compliance and identify improvements.
  • Recommend remediation strategies, track remediation efforts, and collaborate closely with IT, DevOps, and business teams.
  • Conduct comprehensive cybersecurity audits to ensure compliance with CMMC, DFARS 7012, NIST 800-171, and other relevant regulations.
  • Analyze and assess various data types, including Controlled Unclassified Information (CUI), Controlled Technical Information (CTI), Federal Contract Information (FCI), International Traffic in Arms Regulations (ITAR), and Export Administration Regulation (EAR99).
  • Collaborate with system and network administrators to ensure audit features are configured and enabled correctly.

Third‑Party IT Security Oversight:

  • Conduct third‑party/vendor security assessments as part of the procurement and onboarding process.
  • Review supplier security documentation and manage risks associated with external data sharing and service providers.

Incident Support:

  • Participate in incident response activities, including documentation, coordination, and lessons learned reviews.
  • Help improve incident detection, containment, and prevention through policy, training, and technical improvements.

GRC & Risk Management Support:

  • Utilize GRC tools to document and track risk assessments, policy compliance, and mitigation efforts.
  • Identify and evaluate risks to information assets; assist in the development of risk treatment and remediation plans.
  • Review policy exceptions to assess impact and risk, track approvals, and monitor mitigation within the target remediation timeline.
  • Collaborate with internal stakeholders to ensure alignment of technical and administrative controls with risk management strategies.

IT Security Awareness & Training:

  • Support the development and rollout of security awareness training to ensure users understand responsibilities and best practices.
  • Ensure training completion and maintain accurate compliance records; other duties as assigned.

Qualifications

Required:

  • Minimum 3 years of experience with a BS/BA degree in an IT information security or compliance role in a corporate or government contractor setting. (Minimum 7 years' experience without a BA/BS degree.)
  • Strong understanding of NIST SP 800-171, CMMC Level 2, and basic DFARS cybersecurity clauses.
  • Extensive knowledge of multiple federal government network security processes and procedures.
  • Technical background with understanding or hands‑on experience in…