Tyto Athene is searching for a highly experienced Lead Information System Security Officer (ISSO) to support our customer in Arlington, Virginia.

Responsibilities:

• Lead Risk Management Framework Assessment & Authorization (A&A) activities for various information systems
• Lead the entire RMF cycle for all assigned systems to include: initiation, categorization, selection, implementation, assessment, authorization & continuous monitoring
• Implement & manage security controls in accordance with the current revision of NIST 800-53
• Conduct ongoing security reviews & tests of assigned systems to verify that security features and controls are functional and effective
• Develop Plan of Action & Milestones (POA&Ms) in response to identified vulnerabilities, and lead remediation efforts
• Develop security documentations to include, but not limited to, System Security Plans (SSPs), Plan of Actions & Milestones (POA&Ms), and other artifacts to support the Body of Evidence (BOE)
• Coordinate security testing exercises to include but not limited to: incident response, disaster recovery & contingency activities
• Review proposed change requests related to system design/configuration and perform a security impact analysis (SIA) to provide approval or denial recommendations
• Support external & internal audits of designated systems
• Develop & present, both verbally and in writing, security briefings to all levels of the organization including senior executives (CIO, DCIO & CISO)

Required:

• Bachelor’s degree in Computer Science, Information Technology, or related field
• 12 years of relevant experience
• Experience with Authority to Operate (ATO) process, continuous monitoring, POA&Ms, Security Authorizations (SA), NIST 800-37, NIST 800-53 Rev4/ Rev5, NSM 8 and working with System Owners
• Familiarity with information system security principles of NIST 800-171
• In-depth knowledge of NIST special publications, CNSS policies and instructions
• Ability to review, analyze, and interpret technical procedures against customer security requirements
• Strong communication skills, both written and verbal

Desired:

• Understanding & experience with eMASS or Xacta is a PLUS
• FedRAMP process & Cloud environments (Azure, AWS) experience preferred
• Certified Information Security Manager (CISM) (optional but highly recommended)

Clearance: Active TS/SCI clearance required

Certification: DoD 8570 IAM/IAT Level III certification. This will change to a DoD 8140 equivalent once a DISA 8140 policy is released.

Location: This is an on-site role with expectations of being on the client site in Arlington, VA five days a week.