Information System Security Officer (ISSO)

Responsibilities for this Position

Location: USA VA Fort Belvoir
Full Part/Time: Full time
Job Req: RQ203624

Type of Requisition:
Regular

Clearance Level Must Currently Possess:
Top Secret

Clearance Level Must Be Able to Obtain:
Top Secret

Public Trust/Other Required:
None

Job Family:
Information Systems Management

Job Qualifications:

Skills:
Cybersecurity, Information System Security, NIST SP 800, Plan of Action and Milestones (POA&M), Security Evaluations
Certifications:
None
Experience:
5 + years of related experience
US Citizenship Required:
Yes

Job Description:

Information Systems Security Officer (ISSO)

The Information System Security Officer (ISSO) is responsible for managing the full Risk Management Framework (RMF) lifecycle to support the Authorization to Operate (ATO) for assigned information systems. This includes leading initial ATO efforts for new systems and maintaining continuous compliance for systems with an existing ATO. The ISSO will work closely with system owners, engineers, and cybersecurity stakeholders to ensure all cybersecurity requirements are identified, documented, implemented, tested, and monitored in accordance with federal and organizational policies.

Key Responsibilities:

• Serve as the primary cybersecurity point of contact for assigned information systems throughout the RMF lifecycle.
• Lead or support development of all RMF documentation including the System Security Plan (SSP), Security Assessment Plan (SAP), Security Assessment Report (SAR), Plan of Action and Milestones (POA&M), and other artifacts required for ATO packages.
• Coordinate with system owners, developers, engineers, and assessors to identify and implement security controls based on system categorization (FIPS 199), using NIST SP 800-53 (rev. 5).
• Conduct and document security impact analyses for system changes and ensure continuous monitoring strategies are implemented.
• Support vulnerability scanning, STIG application, risk assessments, and compliance reporting to ensure ongoing ATO maintenance.
• Maintain up-to-date knowledge of cyber regulations and best practices, including NIST, CNSSI, FedRAMP, DoD RMF, and agency-specific guidance.
• Track and report POA&M items to resolution, ensuring timely mitigation of findings and audit readiness.
• Interface with Authorizing Officials (AOs), Security Control Assessors (SCAs), and other stakeholders during security assessments, audits, and reviews.
• Support incident response and system recovery actions if security events occur.

Required Qualifications:

• Bachelor's degree in Information Systems, Cybersecurity, Computer Science, or related field; or equivalent experience.
• Minimum of 3-5 years of direct experience supporting RMF and ATO processes.
• Demonstrated expertise with NIST SP 800-53 controls and RMF steps.
• Familiarity with security tools (e.g., ACAS, Nessus, HBSS, STIG Viewer, Splunk).
• Working knowledge of eMASS or similar compliance tracking platforms.
• Experience writing or reviewing SSPs, POA&Ms, and related documentation.
• DoD 8570-compliant certification (e.g., Security+, CISSP, CISM, CAP).

Preferred Qualifications:

• Experience with cloud-based systems (AWS, Azure, GovCloud) and FedRAMP.
• Familiarity with continuous ATO (cATO) environments and DevSecOps pipelines.
• Previous experience supporting DoD, DHS, or IC customers.

Soft Skills:

• Strong written and verbal communication.
• Detail-oriented with excellent organizational and documentation skills.
• Ability to manage competing priorities and timelines in a fast-paced environment.
• Collaborative team player with the ability to interface across technical and non-technical stakeholders.

Additional Requirements:

• Minimum of a DoD Final Top Secret security clearance at start.
• Must be able to work on site

The likely salary range for this position is $139,984 - $180,550. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.

Scheduled Weekly Hours:
40

Travel Required:
Less than 10%

Telecommuting Options:
Onsite

Work Location:
USA VA Fort Belvoir

Additional Work Locations:
USA NM Albuquerque

Total Rewards at GDIT:
Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match. To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available. We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most.

We are GDIT. A global technology and professional services company that delivers consulting, technology and mission services to every major agency across the U.S. government, defense and intelligence community. Our 30,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 50 countries worldwide, offering leading capabilities in digital modernization, AI/ML, Cloud, Cyber and application development. Together with our clients, we strive to create a safer, smarter world by harnessing the power of deep expertise and advanced technology.

Join our Talent Community to stay up to date on our career opportunities and events at
gdit.com/tc .

Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans

PI277062479

Information Systems Security Officer (ISSO)


The Information System Security Officer (ISSO) is responsible for managing the full Risk Management Framework (RMF) lifecycle to support the Authorization to Operate (ATO) for assigned information systems. This includes leading initial ATO efforts for new systems and maintaining continuous compliance for systems with an existing ATO. The ISSO will work closely with system owners, engineers, and cybersecurity stakeholders to ensure all cybersecurity requirements are identified, documented, implemented, tested, and monitored in accordance with federal and organizational policies.



Key Responsibilities:

• Serve as the primary cybersecurity point of contact for assigned information systems throughout the RMF lifecycle.
• Lead or support development of all RMF documentation including the System Security Plan (SSP), Security Assessment Plan (SAP), Security Assessment Report (SAR), Plan of Action and Milestones (POA&M), and other artifacts required for ATO packages.
• Coordinate with system owners, developers, engineers, and assessors to identify and implement security controls based on system categorization (FIPS 199), using NIST SP 800-53 (rev. 5).
• Conduct and document security impact analyses for system changes and ensure continuous monitoring strategies are implemented.
• Support vulnerability scanning, STIG application, risk assessments, and compliance reporting to ensure ongoing ATO maintenance.
• Maintain up-to-date knowledge of cyber regulations and best practices, including NIST, CNSSI, FedRAMP, DoD RMF, and agency-specific guidance.
• Track and report POA&M items to resolution, ensuring timely mitigation of findings and audit readiness.
• Interface with Authorizing Officials (AOs), Security Control Assessors (SCAs), and other stakeholders during security assessments, audits, and reviews.
• Support incident response and system recovery actions if security events occur.

Required Qualifications:

• Bachelor's degree in Information Systems, Cybersecurity, Computer Science, or related field; or equivalent experience.
• Minimum of 3-5 years of direct experience supporting RMF and ATO processes.
• Demonstrated expertise with NIST SP 800-53 controls and RMF steps.
• Familiarity with security tools (e.g., ACAS, Nessus, HBSS, STIG Viewer, Splunk).
• Working knowledge of eMASS or similar compliance tracking platforms.
• Experience writing or reviewing SSPs, POA&Ms, and related documentation.
• DoD 8570-compliant certification (e.g., Security+, CISSP, CISM, CAP).

Preferred Qualifications:

• Experience with cloud-based systems (AWS, Azure, GovCloud) and FedRAMP.
• Familiarity with continuous ATO (cATO) environments and DevSecOps pipelines.
• Previous experience supporting DoD, DHS, or IC customers.

Soft Skills:

• Strong written and verbal communication.
• Detail-oriented with excellent organizational and documentation skills.
• Ability to manage competing priorities and timelines in a fast-paced environment.
• Collaborative team player with the ability to interface across technical and non-technical stakeholders.

Additional Requirements:

• Minimum of a DoD Final Top Secret security clearance at start.
• Must be able to work on site

The likely salary range for this position is $139,984 - $180,550. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.



Scheduled Weekly Hours:
40



Travel Required:
Less than 10%



Telecommuting Options:
Onsite



Work Location:
USA VA Fort Belvoir



Additional Work Locations:
USA NM Albuquerque



Total Rewards at GDIT:
Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match. To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available. We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most.


We are GDIT. A global technology and professional services company that delivers consulting, technology and mission services to every major agency across the U.S. government, defense and intelligence community. Our 30,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 50 countries worldwide, offering leading capabilities in digital modernization, AI/ML, Cloud, Cyber and application development. Together with our clients, we strive to create a safer, smarter world by harnessing the power of deep expertise and advanced technology.


Join our Talent Community to stay up to date on our career opportunities and events at

gdit.com/tc .


Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans

PI277062479