Intermediate ISSO Control Evaluator

The Intermediate ISSO/Control Evaluator serves as the principal advisor to the information systems owners, business process owners, and Information System Security Manager (ISSM) on all matters, technical and otherwise, involving the security of an information system. Duties and Responsibilities: Create, update, revise, and maintain cybersecurity and privacy documentation for each assigned system Provide security and privacy controls assessment and continuous monitoring assessment support for all systems Develop and sustain in-depth technical, operational, and working-level expertise about the systems and applications assigned Actively participate in change control processes Ensure systems are onboarded into the enterprise tools and reporting mechanisms Design, construct, automate, and maintain visualizations (dashboards) and the underlying data structures that reflect the status or effectiveness of controls, monitoring status, capabilities, or metrics Collect, compile, validate, and submit FISMA reporting metrics representing all systems, services, applications, and programs Support and facilitate internal and external audits of assigned FISMA systems Provide cybersecurity- and privacy-related awareness training content and development support Provide support for the integration of cybersecurity and privacy risks into the Enterprise Risk Management (ERM) function, to support FISMA requirements Other duties as assigned. Minimum Qualifications: Bachelor's in Computer Science, Information Technology, Cybersecurity, or a related discipline 5+ years of experience developing the required documents for the A&A, 5+ years of experience implementing NIST 800-53A security controls; 1 year of experience in data structures, data mining, business intelligence ISC(2) CGRC, CompTIA CASP+ or similar level certification preferred Background check Knowledge, Skills, and Abilities: Experience in applying risk management techniques to develop and complete risk assessments based on NIST standards to ensure system design and implementation sufficiently addresses or mitigates IA risk. Experience in data structures, data mining, and business intelligence, with the ability to correlate data across multiple disparate sources, linking common data elements, and constructing informative visualizations. Knowledge of FISMA reporting requirements Location: Washington, DC (Hybrid - 3 days onsite/ 2 days remote)

Created: 2026-03-04