Information System Security Officer (ISSO)
Full Time $95,000 - $125,000 / year
Job Overview
The Information System Security Officer (ISSO) at Impulse is responsible for maintaining the operational security posture of assigned information systems and supporting the organization’s information security program. Working under the direction of the Information System Security Manager (ISSM), the ISSO ensures that systems operate within their approved security authorization and comply with applicable regulatory and contractual security requirements.
The ISSO supports the Risk Management Framework (RMF) lifecycle for assigned systems, including development and maintenance of authorization documentation, continuous monitoring activities, vulnerability management, and coordination of system changes that may affect authorization status. This role requires close collaboration with IT administrators, engineers, and program management to ensure security controls are properly implemented while supporting operational mission requirements.
The ISSO serves as the day-to-day security point of contact for assigned systems and provides regular status updates to the ISSM regarding compliance posture, system changes, vulnerabilities, and potential security risks.
Responsibilities
- Support the ISSM in maintaining the security posture of assigned information systems.
- Assist in the development, implementation, and maintenance of RMF authorization documentation including System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), and supporting artifacts.
- Perform continuous monitoring activities including audit log review, configuration validation, vulnerability tracking, and security control verification.
- Coordinate system changes through configuration management processes and conduct security impact assessments for proposed modifications to hardware, software, or system architecture.
- Verify that user access is granted only to individuals with the appropriate clearance, authorization, training, and need-to-know.
- Track and manage vulnerabilities identified through vulnerability scans, security assessments, and compliance checks, ensuring remediation actions are documented and completed.
- Report cybersecurity incidents, anomalies, and security violations in accordance with organizational and government reporting requirements.
- Participate in configuration control boards (CCB) or change management activities when security impact assessments are required.
- Ensure system security documentation remains current, accurate, and available to authorized personnel.
- Support internal and external security inspections, authorization activities, and compliance assessments.
- Coordinate with IT and engineering teams to ensure systems are configured in accordance with approved security baselines and applicable DISA STIGs.
Regulatory Framework
This role operates within the following security and compliance frameworks:
- NISPOM (32 CFR Part 117)
- DoDI 8510.01 – Risk Management Framework (RMF)
- NIST SP 800-53 Security Controls
- NIST SP 800-171 (Protection of Controlled Unclassified Information)
- CMMC 2.0
- DISA Security Technical Implementation Guides (STIGs)
- DoD 8140 Cyber Workforce Framework
Minimum Qualifications
- DoD 8140 compliant certification meeting IAT Level II or IAM Level I requirements (e.g., Security+ CE, CAP, CASP+, CISM, CISSP)
- Experience supporting RMF authorization processes and maintaining system authorization documentation
- Experience developing and maintaining SSPs, POA&Ms, and related authorization artifacts
- Demonstrated knowledge of NIST SP 800-53 security controls
- Demonstrated knowledge of NIST SP 800-171 and CMMC Level 2 requirements
- Experience reviewing system logs and conducting security compliance reviews